How Can I Change the User and Computer Account Description Attributes Each Time a User Logs On?

Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I change the user and computer account Description attributes each time a user logs on? I’d like the Description to indicate who logged on, and when.

— GG

SpacerHey, Scripting Guy! AnswerScript Center

Hey, GG. This is actually a pretty good idea. One question we get asked all the time is this: “How can I get a list of all my computers and who’s logged on to them?” The truth is, there really isn’t a good way to do that. The answer to today’s question is a nice solution to that problem: all you’d have to do is query Active Directory and return a list of computers (or users) and the Description attribute. That would give you your list right there.


A couple caveats before we begin. First, you’ll probably want to configure this as a logon script; you’re on your own for that. Second, you’ll have to make sure that all your users have permissions to change the Description attribute for both their own account and for the computer account. That’s likely the case anyway, but you’ll need to double-check it before implementing this solution.


OK, let’s take a look at the script that – each time a user logs on – changes the Description attribute for both the user account and the computer account in Active Directory:

Set objSysInfo = CreateObject(“ADSystemInfo”)

Set objUser = GetObject(“LDAP://” & objSysInfo.UserName)
Set objComputer = GetObject(“LDAP://” & objSysInfo.ComputerName)

strMessage = objUser.CN & ” logged on to ” & objComputer.CN & ” ” & Now & “.”

objUser.Description = strMessage
objUser.SetInfo

objComputer.Description = strMessage
objComputer.SetInfo


We begin by creating an instance of ADSystemInfo, an Active Directory class that returns a lot of useful information about the current user and computer. (For a script showing all the data that can be returned using ADSystemInfo click here.) We then use the UserName and ComputerName properties of this object to create a pair of object references, one (objUser) that binds us to the logged-on user’s Active Directory account, the other (objComputer) that binds us to the computer’s Active Directory account.


Next we create the string that we want to write to the Description attribute. Obviously you can write anything you want to this attribute; we chose to combine the user’s CN, the computer’s CN, and the current date and time (plus a few additional words just to turn the thing into a sentence). That’s what this code is all about:

strMessage = objUser.CN & ” logged on to ” & objComputer.CN & ” ” & Now & “.”

Ultimately, that results in a description similar to this:

Ken Myer logged on to atl-ws-01 4/25/2005 8:04:54 AM

So how do we actually get the Description set to this string? Well, to set the Description for the logged-on user we use these two lines of code:

objUser.Description = strMessage
objUser.SetInfo

All this does is configure the Description on the local cache copy of the user account, and then use the SetInfo method to write that information back to Active Directory. (Have no idea what we mean by the local cache copy? See this section of the Microsoft Windows 2000 Scripting Guide for more information.) We then use similar code to set the Description for the computer account:

objComputer.Description = strMessage
objComputer.SetInfo

One thing you might want to do as well is include a logoff script that either erases the Description or changes the message (e.g., Ken Myer logged on to atl-ws-01 4/25/2005 8:04:54 AM). That way you can not only keep track of which users are logged on to which computers, but you can also keep track of which users are not logged on at all (as well as which computers have no current user).


Good idea, GG. We only wish we’d thought of it!