At its core, Active Directory is a database designed to store a multitude of objects. Each of these objects has hundreds of attributes, or properties, attached to it. Some attributes are automatically filled when the object is created. For example, the displayName attribute will automatically have the name of the object in it. Other attributes, like the comment field or description, are left blank. These blank fields allow you to easily extend the database scope to your own nefarious purposes! With a few scripts, you can set up Active Directory Inventory for Hardware. With PowerShell, you can then query or manipulate this data in nearly any way!
Inventory for Hardware: Part 2 – Find Serial Numbers in Active Directory
Now that Active Directory can tell us what computer models we have (and how many we own), it is time to extend our inventory! Today, we are going to implement one shutdown script with Group Policy. This script will query for our computer’s serial number (or service tag) and will also grab the unique ID associated with an attached monitor. It will then store both pieces of information in that computer’s Active Directory account. As a final result, you can look at any computer in your domain and see the information in the Description field. This makes it incredibly easy to find serial numbers in Active Directory!
So if you are tired of manually doing an inventory, let’s automate some stuff!
Gathering Active Directory Mobile Phone Attributes
“How can I import numbers into the Active Directory mobile phone attribute?” That was the most common question in response to the Reset User Password with Self Service blog post. While it would be easy to do this with a massive CSV, that method still means you (the IT Administrator) will have to maintain it. Today, I have two automatic ways for you. Both delegate the work to the end user and allow you to keep working on cooler things!
Exhausting the USNs: Inventory + AD = :( ?
We have been writing a ton of information to Active Directory lately! From computer serial numbers and device models to our currently logged-in user, we’ve greatly extended the everyday practical benefits of Active Directory. But does this come at a price? Reading the comments on a few different websites, you would certainly think so. Here is a sample:
if you do it [write to a computer] after every logon, you can quickly exhaust the USN for the whole AD domain! And then the domain is dead.
Wow! So, according to this guy – our whole domain will die? That doesn’t seem right. Unfortunately, I do not know enough to accept or deny this statement so I did some research (and contacted Microsoft).