The Set-ADComputer cmdlet allows you to change the attributes of a computer account object in Active Directory. In this article, we'll show how to add the currently logged-in username and IP address to the computer properties in AD using the Set-ADComputer cmdlet. This PowerShell script may be useful when you need to find the computer in the domain on which a specific user is logged in.
- Using Set-ADComputer to Change Computer Attributes in Active Directory
- How to Add Logged-in User Name to the AD Computer Properties?
Using Set-ADComputer to Change Computer Attributes in Active Directory
The Set-ADComputer cmdlet is part of the PowerShell Active Directory module. This module must be installed (as part of RSAT) and imported into your PowerShell session. Let's see how to use the Set-ADComputer cmdlet to update computer account properties.
Let's try to add your company and a department name to the computer properties in AD. First, check what is specified in the Company, Department and Description fields of your domain computer using the Get-ADComputer cmdlet.
Get-ADComputer lon-man01 -Properties * | Select-Object dNSHostName,operatingSystem,company,department,description | ft -Wrap -Auto
As you can see, the Description, Company and Department fields are empty for this computer object.
Let's try to change the computer description using the command:
Set-ADComputer -Identity LON-MAN01 -Add @{description = "<description text>"}
You can specify the computer location:
Set-ADComputer -Identity LON-MAN01 -Location "UK/London"
If you need to set several computer parameters, use the following PowerShell code:
$Server = Get-ADComputer -Identity LON-MAN01
$Server.company = "Woshub"
$Server.department = "IT"
Set-ADComputer -Instance $Server
Make sure that the computer attributes have changed:
Get-ADComputer LON-MAN01 -Properties * | Select-Object dNSHostName,operatingSystem,company,department,description | ft -Wrap -Auto
As you can see, the computer attributes contain the data we need. We will then be able to select computers in AD based on these attribute values. For example, I would like to find all computers of the IT department for the Woshub company. The PS command to find all computers by these criteria might look like this:
Get-ADComputer -Filter "company -eq 'Woshub' -and department -eq 'IT'" -Properties * | Select-Object dNSHostName,operatingSystem,company,department,description | ft -Wrap -Auto
The Set-ADComputer cmdlet also allows you to disable/enable a computer object account in AD:
Set-ADComputer lon-pc-h1221 -Enabled $false
How to Add Logged-in User Name to the AD Computer Properties?
Let's consider a more interesting and useful example of using Set-ADComputer. Suppose you have decided to write the current computer IP address and the name of the last logged-in user to the attributes of each computer in Active Directory.
We'll use the description attribute to store the IP address of the computer, and the ManagedBy attribute for the name of the user who is currently logged on to this computer.
First of all, you must delegate permissions for the Domain Users group (or another user security group) on the OU containing user computers. Allow users to change the values of the following fields for Computer objects: ManagedBy and Description (grant Write Description and Write Managed By permissions).
Then create a new Group Policy containing the following PowerShell logon script (User Configuration -> Policies -> Windows Settings -> Scripts -> Logon) to be run when a user logs on to the computer:
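# Name of the local computer, used to look up its AD account
$curhostname = $env:COMPUTERNAME
# Assumption: take the IPv4 address of the connected adapter that has a default gateway
$env:HostIP = (
    Get-NetIPConfiguration |
    Where-Object { $_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.Status -ne "Disconnected" }
).IPv4Address.IPAddress
$currus_cn = (Get-ADUser $env:UserName -Properties *).DistinguishedName
$ADComp = Get-ADComputer -Identity $curhostname
$ADComp.ManagedBy = $currus_cn
$ADComp.description = $env:HostIP
Set-ADComputer -Instance $ADComp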
This PowerShell script runs under a user account and detects the IP address of the current computer and the current user's CanonicalName (CN). Then the script writes this data to the computer account object in AD.
This script requires the RSAT-AD-PowerShell module to be installed on the user computers. But there is a way to deploy the PowerShell ActiveDirectory module without installing RSAT.
You must link this GPO to the OU with the computers and enable the policy Configure user Group Policy Loopback Processing mode (check the ).
Now, when a user logs on to a computer, the logon PowerShell script runs and updates the computer description in AD.
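Because this setup makes ManagedBy and Description writable by ordinary users, it is worth confirming that the delegation on the OU grants nothing wider than those two attributes. The following audit is an added example, not part of the original article; the OU distinguished name and group name are hypothetical and must be replaced with your own.

```powershell
# Added example: audit what the delegation on the computers OU lets a group write.
Import-Module ActiveDirectory

# Assumptions (hypothetical values, adjust to your domain)
$OuDn  = 'OU=Workstations,DC=example,DC=com'
$Group = 'Domain Users'

# Resolve the schema GUIDs of the two attributes the logon script writes
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$allowed  = @{}
foreach ($attr in 'description', 'managedBy') {
    $obj = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$attr)" -Properties schemaIDGUID
    $allowed[[guid]$obj.schemaIDGUID] = $attr
}

# Rights that allow changing attributes or taking control of objects
$adr         = [System.DirectoryServices.ActiveDirectoryRights]
$writeRights = [int]($adr::WriteProperty -bor $adr::GenericWrite -bor $adr::GenericAll -bor
                     $adr::WriteDacl -bor $adr::WriteOwner)
$readWrite   = [int]($adr::ReadProperty -bor $adr::WriteProperty)

$report = foreach ($ace in (Get-Acl -Path "AD:\$OuDn").Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($ace.IdentityReference.Value -notlike "*\$Group") { continue }
    $rights = [int]$ace.ActiveDirectoryRights
    if (($rights -band $writeRights) -eq 0) { continue }

    # Expected: read/write property only, scoped to description or managedBy
    $attrName = $allowed[$ace.ObjectType]
    $expected = [bool]$attrName -and (($rights -band (-bnot $readWrite)) -eq 0)

    [pscustomobject]@{
        Identity  = $ace.IdentityReference.Value
        Rights    = $ace.ActiveDirectoryRights
        Attribute = if ($ace.ObjectType -eq [guid]::Empty) { '(all attributes)' }
                    elseif ($attrName) { $attrName }
                    else { $ace.ObjectType }
        Inherited = $ace.IsInherited
        Expected  = $expected
    }
}

$report | Sort-Object Expected | Format-Table -AutoSize
```

Rows with Expected = False are write rights for the group that go beyond Description and ManagedBy and are the ones to review.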
You can check the IP addresses of the computers in the Active Directory Users and Computers (ADUC) console. The Managed By tab of the computer properties contains an active link to the account of the user who last logged in to this computer.
Now you can quickly find the computers in the domain by their IP addresses:
Get-ADComputer -Filter "description -like '<IP address or pattern>'" -Properties * | select name,description,managedBy
Or you can find all computers in the domain on which a specific user is logged on (Get-ADUser is used to get the user DistinguishedName):
$user = "<user logon name>"
$user_cn = (Get-ADUser $user -Properties *).DistinguishedName
Get-ADComputer -Filter "ManagedBy -eq '$user_cn'" -Properties * | select name,description,managedBy | ft
In the same way, you can save any information about a workstation or a user to the computer account properties in AD and use it to search for computers in AD.