Sign in to follow this  
Followers 0
natetron66

Script to write attributes to AD

5 posts in this topic

Hi everyone,

I have a login script currently running that I created with autoit. I want to modify it to do another task as well, which is update the "Description" field of the computer object in AD when a user logs onto a machine. The reason being we have 1000 computers in a certain OU and theres only around 300 supposed to be there, as the other 700 are tombstoned pcs. I want to fill in the description field in AD, so after a week or two of users running this script I can delete the computer objects that do not have a description, hence cleaning up Active Directory. I want to use the user name of the person logging in to be the decription field. I currently already grab that in my login script. It is defined as $UserName. Please use this in any examples. I'm a total newb when it comes to scripting with AD. Thanks All! I appreciate it!

Nate

Share this post


Link to post
Share on other sites



Anyone???

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Does the user have the proper rights to write to the AD?

Doesn't the Computer object contain a proper date for a user last changing the password while using this Computer you could retrieve from the AD?

In VBS:

lngDate = objRecordSet.Fields("pwdLastSet")

Set objDate = lngDate

dtmPwdLastSet = Integer8Date(objDate, lngBias)

Link to vbs

Jos

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Does the user have the proper rights to write to the AD?

Doesn't the Computer object contain a proper date for a user last changing the password while using this Computer you could retrieve from the AD?

In VBS:

lngDate = objRecordSet.Fields("pwdLastSet")

Set objDate = lngDate

dtmPwdLastSet = Integer8Date(objDate, lngBias)

Link to vbs

Jos

Hi,

just do a:

Your Computers are in OU MyOU in root of mydomain.namespace.local. You want to enumerate all computers of this ou, which are at least 4 weeks inactive:

dsquery computer "OU=MyOU,dc=mydomain, dc=namespace, dc=local" -inactive 4 -limit 1000

You shouldn't delete the computer accounts straight away. 1st i would set them disabled, and after a while i would delete them. You can make a combination of dsquery and dsmod:

dsquery computer "ou=MyOU,dc=mydomain, dc=namespace, dc=local" -inactive 4 -limit 1000 | dsmod computer -disabled yes

;-))

Stefan

Edited by 99ojo

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

To find out when the last logon of a computer to the domain happend just query the lastLogon attribute. You can use the adfunctions UDF which can be found here. You have to convert the returned value to readable format using this script.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0