How Can I Change the User and Computer Account Description Attributes Each Time a User Logs On?

Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I change the user and computer account Description attributes each time a user logs on? I’d like the Description to indicate who logged on, and when.

-- GG

SpacerHey, Scripting Guy! AnswerScript Center

Hey, GG. This is actually a pretty good idea. One question we get asked all the time is this: “How can I get a list of all my computers and who’s logged on to them?” The truth is, there really isn’t a good way to do that. The answer to today’s question is a nice solution to that problem: all you’d have to do is query Active Directory and return a list of computers (or users) and the Description attribute. That would give you your list right there.

A couple caveats before we begin. First, you’ll probably want to configure this as a logon script; you’re on your own for that. Second, you’ll have to make sure that all your users have permissions to change the Description attribute for both their own account and for the computer account. That’s likely the case anyway, but you’ll need to double-check it before implementing this solution.

OK, let’s take a look at the script that - each time a user logs on - changes the Description attribute for both the user account and the computer account in Active Directory:

Set objSysInfo = CreateObject("ADSystemInfo")

Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)

strMessage = objUser.CN & " logged on to " & objComputer.CN & " " & Now & "."

objUser.Description = strMessage

objComputer.Description = strMessage

We begin by creating an instance of ADSystemInfo, an Active Directory class that returns a lot of useful information about the current user and computer. (For a script showing all the data that can be returned using ADSystemInfo click here.) We then use the UserName and ComputerName properties of this object to create a pair of object references, one (objUser) that binds us to the logged-on user’s Active Directory account, the other (objComputer) that binds us to the computer’s Active Directory account.

Next we create the string that we want to write to the Description attribute. Obviously you can write anything you want to this attribute; we chose to combine the user’s CN, the computer’s CN, and the current date and time (plus a few additional words just to turn the thing into a sentence). That’s what this code is all about:

strMessage = objUser.CN & " logged on to " & objComputer.CN & " " & Now & "."

Ultimately, that results in a description similar to this:

Ken Myer logged on to atl-ws-01 4/25/2005 8:04:54 AM

So how do we actually get the Description set to this string? Well, to set the Description for the logged-on user we use these two lines of code:

objUser.Description = strMessage

All this does is configure the Description on the local cache copy of the user account, and then use the SetInfo method to write that information back to Active Directory. (Have no idea what we mean by the local cache copy? See this section of the Microsoft Windows 2000 Scripting Guide for more information.) We then use similar code to set the Description for the computer account:

objComputer.Description = strMessage

One thing you might want to do as well is include a logoff script that either erases the Description or changes the message (e.g., Ken Myer logged on to atl-ws-01 4/25/2005 8:04:54 AM). That way you can not only keep track of which users are logged on to which computers, but you can also keep track of which users are not logged on at all (as well as which computers have no current user).

Good idea, GG. We only wish we’d thought of it!

Comments (6)

  1. jrv says:

    @Scott – it is a script written n the Microsft basic scripting language. It is the langauge that is used on most Microsoft scripts and in most web pages for over 2 decades.  I am surprised you have never heard of it.  You must be very new to Windows.

    Here is a link to teh Microsoft scripting center.  It may help to answer some of your questions about what scripts are and why we use them.  I think you will find that computers can be very powerful because it is possible to do this.…/bb410849.aspx

    Read the material.  You will see that Windows has far exceeded what can be done on your smart phone or iPad.  You can aslo discover scripting on Wikipedia.…/Scripting

  2. bill says:

    How would I take what you've done and further it by adding what the user above suggested and erase the Description upon logout?

  3. Scott says:


    I don't know what said script would be run in.  Would this be WSH (Windows Script Host), PowerShell, ADSI (Active Directory Service Interface), WMI (Windows Management Instrumentation), VB (Visual Basic), DOS?

    I would love to implement this, but need to know what TYPE of script you are talking about when you say 'script'.

    Thank you in advance.


  4. Del says:

    I wish you could help me here. I have the script that I can change the description for one computer but I am having trouble to do multiple computer description change(same description) from a .txt file where all the comuter host name is there. Here is the script I have but need some help to modify…Pleae help me.


    strComputer = InputBox("Please enter the computer name:", "Description to be Added")

    strDescription = InputBox("Please enter the Description",strComputer)

    Set objConnection = CreateObject("ADODB.Connection")

    Set objCommand =   CreateObject("ADODB.Command")

    objConnection.Provider = "ADsDSOObject"

    objConnection.Open "Active Directory Provider"

    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000

    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://DC=org,DC=ad,DC=toronto,DC=ca' WHERE objectCategory='computer' and name = '" & strComputer & "'"

    Set objRecordSet = objCommand.Execute


    Do Until objRecordSet.EOF

        strDN = objRecordSet.Fields("distinguishedName").Value



    Set objComputer = GetObject("LDAP://" & strDN)

    objComputer.Put "Description" , strDescription


    Msgbox "Done"

  5. Frank says:

    Very handy script, I think I’m gonna use that, too 🙂
    But don’t you have to set the ‘Write Description’ privilege for all users in the "Authenticated Users" Group and the respective computer and user objects for it to work? At least I had to to that unless I wanted it to work only with Domain Administrators’ accounts.
    That way, you have to be aware that everyone who can logon to the domain can change the description of any computer or user account of that scope with the same simple scripting technique. If you don’t need to be absolutely sure about the correctness of the
    information in those strings but use it only for overview or debugging purposes, that of course, can be acceptable.

Skip to main content