Modifying Computer Objects with Active Directory

(Page 1 of 6 )

In this conclusion to a four-part series on how Active Directory handles computers, you will learn how to modify the attributes of a computer object, change the default container for computers, and more. This article is excerpted from chapter eight of the Active Directory Cookbook, Second Edition, written by Robbie Allen and Laura E. Hunter (O'Reilly; ISBN: 059610202X). Copyright © 2006 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

Modifying the Attributes of a Computer Object

Problem

You want to modify one or more attributes of a computer object.

Solution

Using a graphical user interface

1. Open ADSI Edit.

2. If an entry for the naming context you want to browse is not already displayed, do the following: 
   
   a. Right-click on ADSI Edit in the right pane and click “Connect to....”
   
   b. Fill in the information for the naming context, container, or OU you want to add an object to. Click on the Advanced button if you need to enter alternate credentials.
   
   c. In the left pane, browse to the container or OU that contains the computer object you want to modify. Once you’ve found the object, right-click on it and select Properties.

3. Right-click the attribute you want to modify and select Edit.

4. Enter the new value and click OK.

5. Click Apply, followed by OK.

Using a command-line interface

Create an LDIF file called modify_object.ldf with the following contents:

  dn: <ComputerDN>
  changetype: modify
  add: <AttributeName>
  <AttributeName>: <AttributeValue>
  -

Then run the following command:

  > ldifde -v -i -f modify_object.ldf

To modify an object using AdMod, you’ll use the following general syntax:

  > admod –b <ComputerDN> <attribute>:<operation>:<value>

For example, you can add a location to a computer object using the following syntax:

  > admod -b cn="Fin101,cn=Computers,dc=rallencorp,dc=com"
  location::"Berlin, Germany"

Using VBScript

  ' The following code will modify the location attribute
  ' of a computer object.
  Set objComputer = GetObject ("LDAP://<ComputerDN>")

  objComputer.Put "Location" , "<NewLocationValue>"
  objComputer.SetInfo

Discussion

Like all objects within Active Directory, computer objects have various attributes that can be queried, modified, and deleted during the day-to-day management of your domain. Because computer objects inherit from the user class, they include similar informational attributes to the user objects, as well as attributes that are specific to computer objects, including:

1. Location
   
2. Description
   
3. operatingSystemVersion
   
4. operatingSystemServicePack
   
5. sAMAccountName
   
6. pwdLastSet
   
7. primaryGroupID

See Also

Recipe 8.10 for finding inactive or unused computers, Recipe 8.13 for finding computers with a particular OS, and MSDN: Computer System Hardware Classes [WMI]

Next: Finding Computers with a Particular OS >>
 

More Windows Scripting Articles
More By O'Reilly Media

Comments On: Modifying Computer Objects with Active Directory

· This article is an excerpt from the "Active Directory Cookbook, Second Edition,"...   >>> Post your comment now!

Buy this book...

This article is excerpted from chapter eight of the Active Directory Cookbook, Second Edition, written by Robbie Allen and Laura E. Hunter (O'Reilly; ISBN: 059610202X). Check it out today at your favorite bookstore. Buy this book now.