none
Powershell Script to get location in AD of local computer RRS feed

  • Question

  • Hi All,

    I am trying to write a script to get the current location in AD of the computer I am running the script on.  So then I wrote a switch statement so if it is in certain AD locations, it will change the registry to have the PC auto login.  I am having trouble getting it to pull the current location of that PC in AD.  Any help?  Thanks!!

    Wednesday, January 3, 2018 12:23 PM

Answers

  • As long as the user is authenticated to AD, any client can retrieve the distinguished name of the local computer with the ADSystemInfo object. For example, in PowerShell:

    # Retrieve DN of local computer object in AD.
    $SysInfo = New-Object -ComObject "ADSystemInfo"
    $ComputerDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
    $ComputerDN
    

    Documentation on ADSystemInfo and the other properties of the object here:

    https://msdn.microsoft.com/en-us/library/aa705962(v=vs.85).aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by hobes22 Monday, January 8, 2018 5:20 PM
    Monday, January 8, 2018 3:29 PM
    Moderator

All replies

  • Hi,

    You can get place of current computer by using following expression:

    (Get-ADComputer $Env:COMPUTERNAME -Properties *).DistinguishedName

    Than you can parse the string as you need.

    Wednesday, January 3, 2018 12:46 PM
  • Computer objects in AD also have a "location" attribute, but it is not mandatory and may not have values assigned. It appears in ADUC on the "Location" tab of the computer properties. If this attribute does not have values assigned, you can assign them in ADUC or with PowerShell. To retrieve the value in PowerShell:

    Get-ADComputer $Env:COMPUTERNAME -Properties location

    The distinguishedName will reveal where in the hierarchy of AD the object resides. That is, in which OU or container.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, January 3, 2018 2:33 PM
    Moderator
  • Awesome, thanks so much.  I am going to try it out.  Appreciate it.  
    Wednesday, January 3, 2018 6:49 PM
  • So Get-ADComputer will not work for me as my client PCs do not have RSAT on them.  Bummer!
    Monday, January 8, 2018 3:09 PM
  • As long as the user is authenticated to AD, any client can retrieve the distinguished name of the local computer with the ADSystemInfo object. For example, in PowerShell:

    # Retrieve DN of local computer object in AD.
    $SysInfo = New-Object -ComObject "ADSystemInfo"
    $ComputerDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
    $ComputerDN
    

    Documentation on ADSystemInfo and the other properties of the object here:

    https://msdn.microsoft.com/en-us/library/aa705962(v=vs.85).aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by hobes22 Monday, January 8, 2018 5:20 PM
    Monday, January 8, 2018 3:29 PM
    Moderator
  • Here is an old function that retrieves all values as a PsObject.

    function Get-ADSystemInfo{ <# .LINK https://technet.microsoft.com/en-us/library/ee198776.aspx #> $properties = @( 'UserName', 'ComputerName', 'SiteName', 'DomainShortName', 'DomainDNSName', 'ForestDNSName', 'PDCRoleOwner', 'SchemaRoleOwner', 'IsNativeMode' ) $ads = New-Object -ComObject ADSystemInfo $type = $ads.GetType() $hash = @{} foreach($p in $properties){ $hash.Add($p,$type.InvokeMember($p,'GetProperty', $Null, $ads, $Null)) } [pscustomobject]$hash } Get-ADSystemInfo # get all user groups $userDN = Get-ADSystemInfo | select -expand username [adsi]"LDAP://$userDN" | select -expand memberof

    # get all computer properties
    $computerDN = Get-ADSystemInfo | select -expand computername
    [adsi]"LDAP://$computerDN" | select *



    \_(ツ)_/


    • Edited by jrv Monday, January 8, 2018 4:32 PM
    Monday, January 8, 2018 4:29 PM
  • This seems to have worked, thanks so much!
    Monday, January 8, 2018 5:21 PM