How Can I Change the User and Computer Account Description Attributes Each Time a User Logs On?

How Can I Change the User and Computer Account Description Attributes Each Time a User Logs On?

  • Comments 4
  • Likes
Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I change the user and computer account Description attributes each time a user logs on? I’d like the Description to indicate who logged on, and when.

-- GG

SpacerHey, Scripting Guy! AnswerScript Center

Hey, GG. This is actually a pretty good idea. One question we get asked all the time is this: “How can I get a list of all my computers and who’s logged on to them?” The truth is, there really isn’t a good way to do that. The answer to today’s question is a nice solution to that problem: all you’d have to do is query Active Directory and return a list of computers (or users) and the Description attribute. That would give you your list right there.

A couple caveats before we begin. First, you’ll probably want to configure this as a logon script; you’re on your own for that. Second, you’ll have to make sure that all your users have permissions to change the Description attribute for both their own account and for the computer account. That’s likely the case anyway, but you’ll need to double-check it before implementing this solution.

OK, let’s take a look at the script that - each time a user logs on - changes the Description attribute for both the user account and the computer account in Active Directory:

Set objSysInfo = CreateObject("ADSystemInfo")

Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)

strMessage = objUser.CN & " logged on to " & objComputer.CN & " " & Now & "."

objUser.Description = strMessage
objUser.SetInfo

objComputer.Description = strMessage
objComputer.SetInfo

We begin by creating an instance of ADSystemInfo, an Active Directory class that returns a lot of useful information about the current user and computer. (For a script showing all the data that can be returned using ADSystemInfo click here.) We then use the UserName and ComputerName properties of this object to create a pair of object references, one (objUser) that binds us to the logged-on user’s Active Directory account, the other (objComputer) that binds us to the computer’s Active Directory account.

Next we create the string that we want to write to the Description attribute. Obviously you can write anything you want to this attribute; we chose to combine the user’s CN, the computer’s CN, and the current date and time (plus a few additional words just to turn the thing into a sentence). That’s what this code is all about:

strMessage = objUser.CN & " logged on to " & objComputer.CN & " " & Now & "."

Ultimately, that results in a description similar to this:

Ken Myer logged on to atl-ws-01 4/25/2005 8:04:54 AM

So how do we actually get the Description set to this string? Well, to set the Description for the logged-on user we use these two lines of code:

objUser.Description = strMessage
objUser.SetInfo

All this does is configure the Description on the local cache copy of the user account, and then use the SetInfo method to write that information back to Active Directory. (Have no idea what we mean by the local cache copy? See this section of the Microsoft Windows 2000 Scripting Guide for more information.) We then use similar code to set the Description for the computer account:

objComputer.Description = strMessage
objComputer.SetInfo

One thing you might want to do as well is include a logoff script that either erases the Description or changes the message (e.g., Ken Myer logged on to atl-ws-01 4/25/2005 8:04:54 AM). That way you can not only keep track of which users are logged on to which computers, but you can also keep track of which users are not logged on at all (as well as which computers have no current user).

Good idea, GG. We only wish we’d thought of it!

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • How would I take what you've done and further it by adding what the user above suggested and erase the Description upon logout?

  • Hi,

    I don't know what said script would be run in.  Would this be WSH (Windows Script Host), PowerShell, ADSI (Active Directory Service Interface), WMI (Windows Management Instrumentation), VB (Visual Basic), DOS?

    I would love to implement this, but need to know what TYPE of script you are talking about when you say 'script'.

    Thank you in advance.

    -Scott

  • @Scott - it is a script written n the Microsft basic scripting language. It is the langauge that is used on most Microsoft scripts and in most web pages for over 2 decades.  I am surprised you have never heard of it.  You must be very new to Windows.

    Here is a link to teh Microsoft scripting center.  It may help to answer some of your questions about what scripts are and why we use them.  I think you will find that computers can be very powerful because it is possible to do this.

    technet.microsoft.com/.../bb410849.aspx

    Read the material.  You will see that Windows has far exceeded what can be done on your smart phone or iPad.  You can aslo discover scripting on Wikipedia.

    en.wikipedia.org/.../Scripting

  • I wish you could help me here. I have the script that I can change the description for one computer but I am having trouble to do multiple computer description change(same description) from a .txt file where all the comuter host name is there. Here is the script I have but need some help to modify...Pleae help me.

    Const ADS_SCOPE_SUBTREE = 2

    strComputer = InputBox("Please enter the computer name:", "Description to be Added")

    strDescription = InputBox("Please enter the Description",strComputer)

    Set objConnection = CreateObject("ADODB.Connection")

    Set objCommand =   CreateObject("ADODB.Command")

    objConnection.Provider = "ADsDSOObject"

    objConnection.Open "Active Directory Provider"

    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000

    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://DC=org,DC=ad,DC=toronto,DC=ca' WHERE objectCategory='computer' and name = '" & strComputer & "'"

    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF

        strDN = objRecordSet.Fields("distinguishedName").Value

        objRecordSet.MoveNext

    Loop

    Set objComputer = GetObject("LDAP://" & strDN)

    objComputer.Put "Description" , strDescription

    objComputer.SetInfo

    Msgbox "Done"