How can I tell Active Directory to pass the computer name into each user's attribute?

Time:09-14

When I googled a bit I came upon this code for a similar situation.

$user = "user"
$manager = Get-Aduser $user -Properties manager | Select-Object -ExpandProperty Manager
Switch -wildcard ($manager){
    "*Manager Name*" {Set-ADUser -Identity $user -Replace @{extensionAttribute4="Bagelphobia"} -WhatIf}
}

Now my question would be if someone knew of a way to adapt this so that the computer name will be passed into a custom attribute of the user. Computer owners are written in the description, so I thought this might be used to specify to which account the PC is linked.

Also how would you run such a script?

[Image: picture of the description]

CodePudding user response:

Since you did not explain which custom user attribute you will be using to store the computer name, and also whether one user can own multiple computers, the code below assumes one user can be the owner of just one computer. If that is not the case, please explain the attribute you're using: its name and type (a string? a multivalued property or?)

Get-ADComputer -Filter * -Properties Description | ForEach-Object {
    $computerName = $_.Name         # just for convenience
    $ownerName    = $_.Description
    # Try and find the AD user mentioned in the Description property of the computer
    # Format seems to be Surname GivenName
    if (![string]::IsNullOrWhiteSpace($ownerName)) {
        # Split on the first run of whitespace: "Surname GivenName" -> two parts
        $lastname, $firstname = ($ownerName -split '\s+', 2).Trim()
        $user = Get-ADUser -Filter "GivenName -eq '$firstname' -and Surname -eq '$lastname'"
        if ($user) {
            Write-Host "Adding '$computerName' to user $($user.Name)"
            # You didn't say which custom attribute the computername should go to, 
            # so change example 'extensionAttribute1' here
            $user | Set-ADUser -Replace @{ extensionAttribute1 = $computerName} 
        }
        else {
            Write-Warning "Could not find user '$ownerName'"
        }
    }
    else {
        Write-Warning "Computer $computerName does not have a Description filled in"
    }
}

CodePudding user response:

Would this work?

$co=@{} # computer-owners
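get-adcomputer -ldapfilter '(ManagedBy=*)' -properties ManagedBy | select name,ManagedBy | foreach {
    # Resolve the ManagedBy DN to the owner's sAMAccountName
    $m = get-aduser $_.ManagedBy | select -ExpandProperty samaccountname
    # Append to an existing owner's list, otherwise start a new list
    if ($co.ContainsKey($m)) { $co[$m] += $_.name } else { $co.add($m, @($_.name)) }
}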
$users=$co.Keys|Get-ADUser -Properties extensionattribute4 
foreach($u in $users) {
    $ext = "Associated computers: {0}" -f ($co[$u.samaccountname] -join ", ")
    if($u.extensionattribute4 -ne $ext) {
        set-aduser -Identity $u.samaccountname -Replace @{'extensionattribute4'=$ext} -WhatIf
    }

}

In this script you will have the associated computers written to a custom attribute of the user. Note that I changed to reading from ManagedBy instead of Description. I wouldn't trust Description to point to a user. ManagedBy on the other hand would be more sane.
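
A hardened take on the Description-based lookup from the first answer, as an added example that is not part of the original thread: it escapes the free-text name before it goes into an LDAP filter, skips a computer whose owner name matches zero or several accounts, and joins multiple computers per owner. The function names, the "Surname GivenName" Description format and the target `extensionAttribute1` are assumptions.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module,
# Description in the form "Surname GivenName", and extensionAttribute1 as target.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping: backslash first, then * ( ) and NUL
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

function Get-OwnerLdapFilter {         # hypothetical helper name
    param([string]$Description)
    # Returns $null when the Description is not "Surname GivenName"
    if ([string]::IsNullOrWhiteSpace($Description)) { return $null }
    $parts = $Description.Trim() -split '\s+', 2
    if ($parts.Count -ne 2) { return $null }
    $sn    = ConvertTo-LdapFilterValue $parts[0]
    $given = ConvertTo-LdapFilterValue $parts[1]
    "(&(objectCategory=person)(objectClass=user)(sn=$sn)(givenName=$given))"
}

$owners = @{}   # sAMAccountName -> list of computer names
Get-ADComputer -Filter * -Properties Description | ForEach-Object {
    $filter = Get-OwnerLdapFilter $_.Description
    if (-not $filter) {
        Write-Warning "$($_.Name): Description is empty or not 'Surname GivenName'"
        return
    }
    $found = @(Get-ADUser -LDAPFilter $filter)
    if ($found.Count -ne 1) {
        # Zero or several accounts share the name: do not guess an owner
        Write-Warning "$($_.Name): '$($_.Description)' matched $($found.Count) users, skipped"
        return
    }
    $sam = $found[0].SamAccountName
    if (-not $owners.ContainsKey($sam)) { $owners[$sam] = @() }
    $owners[$sam] += $_.Name
}

foreach ($sam in $owners.Keys) {
    $value = ($owners[$sam] | Sort-Object) -join ', '
    # -WhatIf previews the change; remove it once the output looks right
    Set-ADUser -Identity $sam -Replace @{ extensionAttribute1 = $value } -WhatIf
}
```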
