adding logged on username to the Computer Description

How useful is this! If you ever need to know who is currently/was the last person to logon to a specific computer in the domain, configuring the following script to run against the chosen OU will append the persons logon name into the description field.

Credit for this goes out to HendrikWiese for this information.

First connect to your DC (Domain Controller / Active Directory Server)

SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME
1. Open Active Directory Users and Computers (ADUC)
2. Right Click your “domain.com” and click “Properties”
3. Select the “Security Tab” and click “Advanced” button
4. Click “Add” and then type “Authenticated Users” and click “OK”
5. No on the “Apply to:” drop down box locate and select “Descendant Computer objects”
6. Now in the Permissions window select the Allow check box for “Write all properties”
7. Click “OK”, “OK” and “OK” again.

CREATE SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME
1. Click start > run and type: notepad
2. Click “OK”
3. Now copy and paste the following code:

1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
Set objSysInfo = CreateObject("ADSystemInfo") 

Set objUser = GetObject("LDAP://" & objSysInfo.UserName) 
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName) 

strMessage = objUser.CN & " logged in at " & objComputer.CN & " " & Now & "." 

'objUser.Description = strMessage 
'objUser.SetInfo 

objComputer.Description = strMessage 
objComputer.SetInfo

4. Now save this file to your desktop as AddUserDescriptionToAD.vbs
5. And that concludes the script

ADD SCRIPT TO GROUP POLICY TO UPDATE COMPUTER DESCRIPTION TO USERNAME
1. Open “Group Policy Manager” – Start > Administrative Tools > Group Policy Management
2. Expand “Forest: yourdomain.com”
3. Expand “Domains”
4. Expand “yourdomain.com”
5. Right click “Group Policy Objects” and select “New”
6. In the “Name” field type: User Configuration: Add Username to Computer Description
7. And click “OK”
8. Now under the “Group Policy Objects” locate the new GPO that was created “User Configuration: Add Username to Computer Description”
9. Right click the policy and click “Edit”
10. In the “Group Policy Management Editor” expand “User Configuration”
11. Expand “Policies”
12. Expand “Windows Settings”
13. And select “Scripts(Logon/Logoff)”
14. In the right pane double click “Logon”
15. Now click on “Show Files” (This will open the directory where you will need to copy the script AddUserDescriptionToAD.vbs)
16. So go to your Desktop and copy the “AddUserDescriptionToAD.vbs” script and paste it in the location that opened after click the “Show Files” button
17. Now go back to the “Logon Properties” window and click the “Add…” button
18. Now click the “Browse” button and double click the “AddUserDescriptionToAD.vbs” file.
19. Click “OK” and click “OK” again.
20. Close the “Group Policy Management Editor”

Next we will need to apply this policy to everyone.

APPLY NEW GPO (Group Policy Object) to All Users
1. On your “Group Policy Management” window
2. Ensure that you have expanded the “Forest:yourdomain.com > Domains > yourdomain.com”
3. Now right click on “yourdomain.com” and click “Link an Existing GPO…”
4. From the “Group Policy objects” list select the new Policy “User Configuration: Add Username to Computer Description” and click “OK”

but skip to today..

and you’ll probably find the blog a little more interesting.

The whole purpose of this blog is really to provide myself with a way of referencing all those niggly little things you uncover as you make your way through daily life as an IT Contractor. Many of the articles may indeed be other peoples findings so I’ll reference those where necessary, but others are as a result of many hours of meddling and working with different products and vendors in a bid to find solutions to ongoing problems.