Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Active Directory / Set-ADComputer: How to Change AD Computer Properties and Add Logged User Info?

March 5, 2020 Active DirectoryPowerShell

Set-ADComputer: How to Change AD Computer Properties and Add Logged User Info?

The Set-ADComputer cmdlet allows you to change the attributes of a computer account object in Active Directory. In this article, we’ll show how to add current logged-in username and IP address to the computer properties in AD using the Set-ADComputer cmdlet. This PowerShell script may be useful when you need to find in the domain the computer on which the specific user is logged-in.

Contents:
  • Using Set-ADComputer to Change Computer Attributes in Active Directory
  • How to Add Logged-in User Name to the AD Computer Properties?

Using Set-ADComputer to Change Computer Attributes in Active Directory

The Set-ADComputer cmdlet is a part of the PowerShell Active Directory module. This module must be installed (as a part of RSAT) and imported to your PowerShell session. Let’s see on how to use the Set-ADComputer cmdlet to update computer account properties.

Let’s try to add your company and a department name to the computer properties in AD. Firstly, check what is specified in the Company, Department and Description fields of your domain computer using the Get-ADComputer cmdlet.

Get-ADComputer lon-man01 -properties *|select-object dNSHostName,operatingSystem,company,department, description|ft -wrap -auto
Get-ADComputer - get computer properties
As you can see, the Description, Company and Department fields are empty for this computer object.

Let’s try to change the computer description using the command:

Set-ADComputer -Identity LON-MAN01 -Add @{"description"="Infrastructure management server"}

You can specify the computer location:

Set-ADComputer –Identity LON-MAN01 –Location “UK/London”

If you want to set multiple computer parameters, use the following PowerShell code:

$Server = Get-ADComputer -Identity LON-MAN01
$Server.company = "Woshub"
$Server.department = "IT"
Set-ADComputer -Instance $Server

Make sure that the computer attributes have changed:

Get-ADComputer LON-MAN01 -properties *|select-object dNSHostName,operatingSystem,company,department, description|ft -wrap -auto

Set-ADComputer - update computer object properties using powershell

As you can see, the computer attributes contain the information we need. Then we will be able to select computers in AD based on these attribute values. For example, I would like to find all computers of the IT department for the Woshub company. The PS command to find all computer by these criteria may look like this:

Get-ADComputer -Filter {(company -eq 'Woshub') -and (department -like 'IT')} -properties *|select-object dNSHostName,operatingSystem,company,department, description|ft -wrap -auto

The Set-ADComputer cmdlet also allows you to disable/enable a computer object account in AD:

Set-ADComputer lon-pc-h1221 -Enabled $false

Set-ADComputer - enable computer in AD

How to Add Logged-in User Name to the AD Computer Properties?

Let’s consider a more interesting and useful example of using Set-ADComputer. Suppose, you have decided to write the current computer IP address and the name of the last logged-in user to the attributes of each computer in Active Directory.

We’ll use the description attribute to store the IP address of the computer, and the ManagedBy attribute for the user name who is currently logged on this computer.

First of all, you must delegate the specific AD permissions for the Domain Users group (or another user security group) on the OU containing user computers. Allow users to change the values of the following fields for Computers objects: ManagedBy and Description (grant Write Description and Write Managed By permissions).

delegate ad permissions Write Description and Write Managed By

Then create a new Group Policy containing the following PowerShell logon script (User Configuration -> Policies -> Windows Settings -> Scripts -> Logon) to be run when a user logs on to the computer:

$curhostname=$env:computername
$env:HostIP = (
Get-NetIPConfiguration |
Where-Object {
$_.IPv4DefaultGateway -ne $null -and
$_.NetAdapter.Status -ne "Disconnected"
}
).IPv4Address.IPAddress
$currus_cn=(get-aduser $env:UserName -properties *).DistinguishedName
$ADComp = Get-ADComputer -Identity $curhostname
$ADComp.ManagedBy = $currus_cn
$ADComp.description = $env:HostIP
Set-ADComputer -Instance $ADComp

This PowerShell script is run under a user account and detects the IP address of the current computer and current user CanonicalName (CN). Then script writes this data to the computer account object in AD.

This script requires that the RSAT-AD-PowerShell module to be installed on the user computers. But there is a way to deploy PowerShell ActiveDirectory Module without installing RSAT.

You must link this GPO to the OU with the computers and enable the policy Configure user Group Policy Loopback Processing mode (check the article).

Now, when a user logs on to a computer, the logon PowerShell script is run and it updates the computer description in AD.

You can check the IP addresses of the computers in the Active Directory Users and Computers (ADUC) console. The Managed By tab of the computer properties contains an active link to the account of the user last logged-in to this computer.

show IP address and currently logged username in the Active Directory computer properties

Now you can quickly find the computers in the domain by their IP addresses:

get-adcomputer -filter {description -like "192.168.15.*"} -properties *|select name,description,managedBy

Or you can find all computers in the domain the specific user is logged on (Get-ADUser is used to get the user DistinguishedName):

$user='a.adams'
$user_cn=(get-aduser $user -properties *).DistinguishedName
Get-ADComputer -Filter "ManagedBy -eq '$user_cn'" -properties *|select name,description,managedBy|ft

find computers in AD that a specific uses is logged on

In the same way you can save any information about a workstation or a user to the computer account properties in AD and use it to search computers in AD.

 A similar scenario to store the information about a model and a serial number of a server in Active Directory computer object properties is considered in this article.

0 comment
2
Facebook Twitter Google + Pinterest
previous post
Hyper-V Boot Error: The Image’s Hash and Certificate Are not Allowed
next post
IPMI: Configuring SuperMicro Remote Management Interface

Related Reading

Checking User Logon History in Active Directory Domain...

January 22, 2021

Windows 10: No Internet Connection After Connecting to...

January 13, 2021

Updating the PowerShell Version on Windows

December 24, 2020

Restoring Deleted Active Directory Objects/Users

December 21, 2020

Zabbix: Single Sign-On (SSO) Authentication in Active Directory

December 17, 2020

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • Preparing Windows for Adobe Flash End of Life on December 31, 2020

    January 22, 2021
  • Checking User Logon History in Active Directory Domain with PowerShell

    January 22, 2021
  • How to Disable/Remove Thumbs.db File on Network Folders in Windows?

    January 21, 2021
  • MS SQL Server 2019 Installation Guide: Basic Settings and Recommendations

    January 19, 2021
  • USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

    January 15, 2021
  • Windows 10: No Internet Connection After Connecting to VPN Server

    January 13, 2021
  • Updating the PowerShell Version on Windows

    December 24, 2020
  • How to Enable and Configure User Disk Quotas in Windows?

    December 23, 2020
  • Restoring Deleted Active Directory Objects/Users

    December 21, 2020
  • Fix: Search Feature in Outlook is Not Working

    December 18, 2020

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Allow RDP Access to Domain Controller for Non-admin Users
  • Get-ADUser: Getting Active Directory Users Info via PowerShell
  • Get-ADComputer: Find Computer Details in Active Directory with PowerShell
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • Changing Desktop Background Wallpaper in Windows through GPO
  • Restricting Group Policy with WMI Filtering
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top