Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Active Directory / Set-ADComputer: How to Change AD Computer Properties and Add Logged User Info?

March 5, 2020 Active DirectoryPowerShell

Set-ADComputer: How to Change AD Computer Properties and Add Logged User Info?

The Set-ADComputer cmdlet allows you to change the attributes of a computer account object in Active Directory. In this article, we’ll show how to add current logged-in username and IP address to the computer properties in AD using the Set-ADComputer cmdlet. This PowerShell script may be useful when you need to find in the domain the computer on which the specific user is logged-in.

Contents:
  • Using Set-ADComputer to Change Computer Attributes in Active Directory
  • How to Add Logged-in User Name to the AD Computer Properties?

Using Set-ADComputer to Change Computer Attributes in Active Directory

The Set-ADComputer cmdlet is a part of the PowerShell Active Directory module. This module must be installed (as a part of RSAT) and imported to your PowerShell session. Let’s see on how to use the Set-ADComputer cmdlet to update computer account properties.

Let’s try to add your company and a department name to the computer properties in AD. Firstly, check what is specified in the Company, Department and Description fields of your domain computer using the Get-ADComputer cmdlet.

Get-ADComputer lon-man01 -properties *|select-object dNSHostName,operatingSystem,company,department, description|ft -wrap -auto
Get-ADComputer - get computer properties
As you can see, the Description, Company and Department fields are empty for this computer object.

Let’s try to change the computer description using the command:

Set-ADComputer -Identity LON-MAN01 -Add @{"description"="Infrastructure management server"}

You can specify the computer location:

Set-ADComputer –Identity LON-MAN01 –Location “UK/London”

If you want to set multiple computer parameters, use the following PowerShell code:

$Server = Get-ADComputer -Identity LON-MAN01
$Server.company = "Woshub"
$Server.department = "IT"
Set-ADComputer -Instance $Server

Make sure that the computer attributes have changed:

Get-ADComputer LON-MAN01 -properties *|select-object dNSHostName,operatingSystem,company,department, description|ft -wrap -auto

Set-ADComputer - update computer object properties using powershell

As you can see, the computer attributes contain the information we need. Then we will be able to select computers in AD based on these attribute values. For example, I would like to find all computers of the IT department for the Woshub company. The PS command to find all computer by these criteria may look like this:

Get-ADComputer -Filter {(company -eq 'Woshub') -and (department -like 'IT')} -properties *|select-object dNSHostName,operatingSystem,company,department, description|ft -wrap -auto

The Set-ADComputer cmdlet also allows you to disable/enable a computer object account in AD:

Set-ADComputer lon-pc-h1221 -Enabled $false

Set-ADComputer - enable computer in AD

How to Add Logged-in User Name to the AD Computer Properties?

Let’s consider a more interesting and useful example of using Set-ADComputer. Suppose, you have decided to write the current computer IP address and the name of the last logged-in user to the attributes of each computer in Active Directory.

We’ll use the description attribute to store the IP address of the computer, and the ManagedBy attribute for the user name who is currently logged on this computer.

First of all, you must delegate the specific AD permissions for the Domain Users group (or another user security group) on the OU containing user computers. Allow users to change the values of the following fields for Computers objects: ManagedBy and Description (grant Write Description and Write Managed By permissions).

delegate ad permissions Write Description and Write Managed By

Then create a new Group Policy containing the following PowerShell logon script (User Configuration -> Policies -> Windows Settings -> Scripts -> Logon) to be run when a user logs on to the computer:

$curhostname=$env:computername
$env:HostIP = (
Get-NetIPConfiguration |
Where-Object {
$_.IPv4DefaultGateway -ne $null -and
$_.NetAdapter.Status -ne "Disconnected"
}
).IPv4Address.IPAddress
$currus_cn=(get-aduser $env:UserName -properties *).DistinguishedName
$ADComp = Get-ADComputer -Identity $curhostname
$ADComp.ManagedBy = $currus_cn
$ADComp.description = $env:HostIP
Set-ADComputer -Instance $ADComp

This PowerShell script is run under a user account and detects the IP address of the current computer and current user CanonicalName (CN). Then script writes this data to the computer account object in AD.

This script requires that the RSAT-AD-PowerShell module to be installed on the user computers. But there is a way to deploy PowerShell ActiveDirectory Module without installing RSAT.

You must link this GPO to the OU with the computers and enable the policy Configure user Group Policy Loopback Processing mode (check the article).

Now, when a user logs on to a computer, the logon PowerShell script is run and it updates the computer description in AD.

You can check the IP addresses of the computers in the Active Directory Users and Computers (ADUC) console. The Managed By tab of the computer properties contains an active link to the account of the user last logged-in to this computer.

show IP address and currently logged username in the Active Directory computer properties

Now you can quickly find the computers in the domain by their IP addresses:

get-adcomputer -filter {description -like "192.168.15.*"} -properties *|select name,description,managedBy

Or you can find all computers in the domain the specific user is logged on (Get-ADUser is used to get the user DistinguishedName):

$user='a.adams'
$user_cn=(get-aduser $user -properties *).DistinguishedName
Get-ADComputer -Filter "ManagedBy -eq '$user_cn'" -properties *|select name,description,managedBy|ft

find computers in AD that a specific uses is logged on

In the same way you can save any information about a workstation or a user to the computer account properties in AD and use it to search computers in AD.

 A similar scenario to store the information about a model and a serial number of a server in Active Directory computer object properties is considered in this article.

0 comment
2
Facebook Twitter Google + Pinterest
previous post
Hyper-V Boot Error: The Image’s Hash and Certificate Are not Allowed
next post
IPMI: Configuring SuperMicro Remote Management Interface

Related Reading

Configure User’s Folder Redirection with Group Policy

February 3, 2023

Join a Windows Computer to an Active Directory...

February 2, 2023

Using Previous Command History in PowerShell Console

January 31, 2023

How to Install the PowerShell Active Directory Module...

January 31, 2023

Finding Duplicate E-mail (SMTP) Addresses in Exchange

January 27, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Configure User’s Folder Redirection with Group Policy

    February 3, 2023
  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • Allow RDP Access to Domain Controller for Non-admin Users
  • Configuring Proxy Settings on Windows Using Group Policy Preferences
  • Deploy PowerShell Active Directory Module without Installing RSAT
  • How to Refresh AD Groups Membership without Reboot/Logoff?
  • Managing User Photos in Active Directory Using ThumbnailPhoto Attribute
  • Changing Desktop Background Wallpaper in Windows through GPO
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top