Re: Active Directory Computer Attributes

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 2 Jun 2008 07:05:54 -0500

---

Anwar wrote:

I'd like to set the location attribute on the Active Directory computer
object. The script is fairly straightforward;

Set oADSysInfo = CreateObject("ADSystemInfo")
set oComputer = GetObject("LDAP://"; & oADSysInfo.ComputerName)
oComputer.location = "Site A Building B Floor C Room D"
oComputer.SetInfo

However, the clever bit is to get the computer to update it's own location
automatically. I know there are probably some clever things that can be
done
with the new Link Layer Topology Protocol (LLTP) capabilities in Windows
Vista, but for now I'm considering prompting *trusted* users, which would
then get written to AD.

By default Active Directory grants SELF read and write permissions to
"Personal Information", which Microsoft concedes is a little vague;

http://msdn.microsoft.com/en-us/library/ms684394.aspx

However, personal information includes the comments field.

I'm trying to set the comments attribute on the computer object. I
thought
my best chance in terms of security was running the script in the computer
startup or shutdown scripts, but this didn't work. Anyone have any ideas?
We have a Windows Server 2003 R2 Enterprise domain.

Which attribute of the computer object do you want to update? What do you
want the value to be and where will it come from? If the attribute value can
be generated automatically, it would make more sense for you do update it
yourself in bulk, either in ADUC, in a script, or using a command line tool.
The only reason not to do it yourself is because you cannot determine the
required value.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


.

---

• Follow-Ups:
  • Re: Active Directory Computer Attributes
    • From: Anwar Mahmood

• Prev by Date: Re: Calling javascript method in ASP, with arguments - get js error because of special chars
• Next by Date: Re: Sorting files in a folder
• Previous by thread: Calling javascript method in ASP, with arguments - get js error because of special chars
• Next by thread: Re: Active Directory Computer Attributes
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Script to Rename Computer Name in Domain ... i looking a script to rename computer name in domain server 2003 ... To rename a computer you bind to the parent OU/Container of the computer ... you would need to also prompt for the current name. ... ' Bind to the parent OU/container of computer object. ... (microsoft.public.windows.server.scripting) Re: LDAP query information ... a "Dim" statement. ... execution of the script. ... ' Filter on computer object. ... ' Construct LDAP syntax query. ... (microsoft.public.windows.server.scripting) Re: Script to Rename Computer Name in Domain ... To rename a computer you bind to the parent OU/Container of the ... the local computer, you must run a script ... you can prompt for the new name with an InputBox ... ' Bind to the local computer object. ... (microsoft.public.windows.server.scripting) Re: Workstations permissions to its own AD computer object ... extensionAttribute of the computer object which relates to the ... I can create the script, but wondered if the rights are there by default ... Logon scripts run with the permissions of the user. ... This link indicates that the extensionAttributes should be in the collection ... (microsoft.public.windows.server.active_directory) Re: VBS Logon and move computer script ... So, for me, using the logon script is easier. ... > Dim objRootDSE, strDNSDomain, objCommand, objConnection ... > ' Move to the next computer object. ... > Set objRecordSet = Nothing ... (microsoft.public.windows.server.scripting)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Scripting  > microsoft.public.scripting.vbscript  > 2008-06