Posted on September 18, 2015 · Posted in Active Directory, Powershell

How Automatically Fill Computer Description Field in Active Directory

In this article we’ll demonstrate how to fill the computer information in Active Directory using PowerShell. As an example, we’ll show how to save the information about the computer model in the description field of a computer objects in Active Directory.

So, we want the information about the manufacturer of the computer, its model and serial number to be displayed in the Description field of the computer in Active Directory Users and Computers console. This information can be obtained using the following WMI query:

Get-WMIObject  Win32_ComputerSystemProduct | Select Vendor, Name, IdentifyingNumber

The query returns the following data:

  • Vendor – HP
  • Name – Proliant DL 360 G5
  • IdentifyingNumber – CZJ733xxxx

Get-WMIObject  Win32_ComputerSystemProduct

Now you have to write this information into the Description field of this computer in AD. ActiveDirectory for Windows PowerShell module can help us. (It is supposed that this module is already installed from RSAT).

Import this module using the following command:

Import-Module ActiveDirectory

Tip. In Windows Server 2012 and later ActiveDirectory for PowerShell module is enabled by default and doesn’t need to be imported in the PoSh session.

Assign the name of Active Directory account you want to change to the variable $computer:

$computer = "PC-Name-p01"

Then type the necessary computer data to the following variables:

$vendor = (Get-WMIObject -ComputerName $computer  Win32_ComputerSystemProduct).Vendor
$name = (Get-WMIObject -ComputerName $computer  Win32_ComputerSystemProduct).Name
$identifyingNumber = (Get-WMIObject -ComputerName $computer  Win32_ComputerSystemProduct).identifyingNumber

Look what values are assigned to the variables:


powershell ise

Now you only have to save these data to the Description field of the computer account in Active Directory. Powershell cmdlet Set-ADComputer will help you to do it. Run this command:

Set-ADComputer $computer –Description “$vendor : $name : $identifyingNumber

Tip. In this example the command is run with the domain administrator privileges. To do the same to other accounts, give them the corresponding privileges (see below).

Make sure that the information about the manufacturer and the model of the system have appeared in the Description field of our computer in the AD console.

populated computer description fileld in active directory

We have refreshed the data in AD only for one computer. To fill in the data for all computers in a given container (OU) in AD, use the cmdlet Get-ADComputer and foreach cycle.

Create an array containing the list of all computers in the given OU:

$computers = Get-ADComputer -Filter * -searchBase "OU=Computers,DC=woshub,DC=com"

Then using foreach cycle, get the information about every computer from WMI and save it in Active Directory:

foreach ($computer in $computers)
$vendor = (Get-WMIObject -ComputerName $computer Win32_ComputerSystemProduct).Vendor
$name = (Get-WMIObject -ComputerName $computer Win32_ComputerSystemProduct).Name
$identifyingNumber = (Get-WMIObject -ComputerName $computer Win32_ComputerSystemProduct).IdentifyingNumber
Set-ADComputer $computer –Description “$vendor : $name : $identifyingNumber}

posh foreach computer in ou

After using this script, the Description of all computers of the selected OU in Active Directory will be filled in.

Note. To get these data, target computers have to be turned on and WMI queries to them have to pass through.

This technique can be used to automatically populate the Description field of a computers in Active Directory. It is easier to do with a group policy logon script so that the data in the AD record are updated at the computer startup. To implement this scenario, you will have to give Authenticated Users  the Write Description privilege and apply it to Descendant Computer Objects.

Write Descriptionpermission

Note. The drawback of this approach is that any authenticated AD user can change or delete the description of any computer in Active Directory.

Using this technique, you can fill in any available computer attribute in Active Directory either manually or automatically. In particular, you can write the name of the current user registered in the system, his department (this information can be obtained using Get-ADUser), IP address of the computer or any other relevant information in the Description field.

Related Articles