Powershell using last logged on user to update Active Directory computer description

  • Question

  • I'm trying to create a script that I can deploy later using GPO. The purpose is to use the last user that logged on to update the description field in Active Directory of the computer they are logging onto. This is how far I have gotten and am curious if I am missing anything. Thanks.

    #The AD cmdlets need the RSAT ActiveDirectory module
    Import-Module ActiveDirectory

    #Store the username of the person logging in
    #into UserNameDesc

    $UserNameDesc = $env:USERNAME


    #Store the local machine's computer
    #name into ComputerName

    $ComputerName = $env:COMPUTERNAME


    #Retrieve what's currently in the description field
    #so that we can compare it later

    $ADdesc = Get-ADComputer -Identity $ComputerName -Properties Description |
        Select-Object -ExpandProperty Description


    #Test whether the description field already holds this user name;
    #if not, write the user name into the description of
    #the AD computer object whose name = the local computer name

    if ($ADdesc -ne $UserNameDesc) {
        Set-ADComputer -Identity $ComputerName -Description $UserNameDesc
    }

    Friday, May 31, 2019 8:01 PM

All replies

  • A user cannot set the description field in AD.

    Have the script write the user to a file in the "public" folder or to a share.


    \_(ツ)_/


    • Edited by jrv Friday, May 31, 2019 8:16 PM
    Friday, May 31, 2019 8:15 PM
  • For that you need your pushed script to have rights on AD, with a password in it.
    Generally it is a bad kind of idea ...
    I eventually suggest you write a userlog.txt on an SMB share, and create a service account with very low rights dedicated to that.

    Create on the remote computer a task that runs at each logon, or check the event ID, for example.

    https://www.faqforge.com/windows-server-2016/configure-scheduled-task-item-using-group-policy/

    Sunday, June 2, 2019 10:36 PM
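Both replies point the same way: the logon script runs as an ordinary user who cannot write to AD, so the write has to be split off to an account that can. The following is an added example (not code from the thread) of that split: a GPO user logon script that only drops a small JSON file on a share, and a separate server-side script, run as a scheduled task under a low-privilege service account, that reads those files and updates the Description attribute. The share path \\FILESERVER\LogonLog, the function names and the description format are assumptions for illustration.

```powershell
# Added example, not from the thread. Assumes a share \\FILESERVER\LogonLog (placeholder)
# where Authenticated Users have Write access, and a service account that has been
# delegated "Write Description" on computer objects only (no other AD rights).

$LogShare = '\\FILESERVER\LogonLog'   # placeholder, replace with your share

# ---- Part 1: logon script, run as the logging-on user via GPO User Configuration ----
# Needs no AD rights at all: it only writes one file per computer on the share.
function Write-LogonRecord {
    param([string]$Share = $LogShare)

    $record = [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        UserName     = $env:USERNAME
        Timestamp    = (Get-Date).ToString('o')   # ISO 8601, easy to parse later
    }
    $file = Join-Path $Share "$($env:COMPUTERNAME).json"
    $record | ConvertTo-Json -Compress | Set-Content -Path $file -Encoding UTF8
}

# ---- Part 2: updater, scheduled task on a server under the delegated service account ----
# Only this account touches AD, and only the Description attribute of computer objects.
function Update-ComputerDescriptions {
    param([string]$Share = $LogShare)

    Import-Module ActiveDirectory

    # sAMAccountName-style names only; anything else is rejected rather than written into AD
    $namePattern = '^[A-Za-z0-9._-]{1,64}$'

    Get-ChildItem -Path $Share -Filter '*.json' | ForEach-Object {
        $r = Get-Content -Path $_.FullName -Raw | ConvertFrom-Json

        # The file name is under user control: validate it and require the content to match it
        $computerName = $_.BaseName
        if ($computerName -notmatch $namePattern -or $r.ComputerName -ne $computerName) { return }
        if ($r.UserName -notmatch $namePattern) { return }

        # Resolve the computer with a filter (no terminating error when it does not exist)
        $computer = Get-ADComputer -LDAPFilter "(name=$computerName)" -Properties Description
        if (-not $computer) { return }

        # Only record users that actually exist in the directory
        if (-not (Get-ADUser -LDAPFilter "(sAMAccountName=$($r.UserName))")) { return }

        $desc = "Last logon: $($r.UserName) at $($r.Timestamp)"
        if ($computer.Description -ne $desc) {
            Set-ADComputer -Identity $computer -Description $desc
        }
    }
}

# Usage: Write-LogonRecord in the logon script; Update-ComputerDescriptions in the scheduled task.
```

Anyone who can write to the share can also drop a file named after another computer, so the validation above only bounds what reaches AD; the real limit is the delegation, which should grant the service account nothing beyond Description on computer objects. If a file is still expected per logon rather than per computer, use per-computer subfolders with CREATOR OWNER permissions so users cannot overwrite each other's records.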