In this guide, I’m going to show you how to edit the AD description field using Powershell. This script is very simple and only a few lines long.
If you find yourself googling things like “how do I change the description in AD”, “how do I change user attributes in AD”, or “how do I modify AD user description”, then is the guide for you.
Use Cases to Modify Active Directory User Description Field
There may be times where you need to edit or modify a user’s description. In my case, we never really used that field when I took over as system adminstrator. However, it can actually be a very powerful field to start using.
For example, PDQ Inventory can pull in the Description field. I created a field in Inventory called “asset tags”. Whenever a new user was created, my IT department would have to edit the AD description manually through the Active Directory Users and Computers widget (ADUC). Then, they had another task to manually update the Asset Tag field in Inventory. Here’s what it looks like before my script (from Inventory):
While using that custom field definitely works, it’s a few too many additional steps. Often times, my IT team would forget to add the asset tag manually in that field.
As you can see in the image above, the description box is empty and any users that don’t have asset tags are defaulted to 0 which isn’t very helpful.
So, I wrote this handy Powershell script to simplify the process.
How The Script Works
When you run the script, it first shows a popup box like below prompting the user to enter some more info – starting with the computer name you want to edit. I wanted to add the Username, Asset Tag number, and today’s date to this field.
This allows me to quickly load PDQ Inventory and search for a username or computername to see exactly when the user started and what their asset tag number is.
Once you click OK, another box prompts for the asset tag number. Since Virtual machines don’t have asset tags, I just have my IT team type VM instead to signify that it’s not a physical asset.
Once you click OK again, a 3rd box pops up prompting for a username:
Once the script has all the info it needs, it imports the Active Directory module and uses Set-ADUser
Powershell cmdlet to update the user attributes.
As you can see, the description is now updated in Active Directory.
And then when I open up PDQ Inventory and search for the user “danny”, all the info I need shows up.
Update AD Description Powershell Script Code
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
$PromptUser = {
[Microsoft.VisualBasic.Interaction]::InputBox(
($args -join ' '), #Prompt message
"Edit AD Description Powershell Script" #Title Bar
)
}
$ComputerObject = &$PromptUser "Type Computer Name"
$AssetTag = &$PromptUser "Enter Asset Tag. Type VM for VM's."
$User = &$PromptUser "Enter username"
$Date = Get-Date -Format MM/dd/yyyy
Set-ADComputer $ComputerObject -Description "$User ($AssetTag), $Date"
[Environment]::Exit(1)
Wrapping Up
All in all, this is a great way to quickly update the description for users one at a time. There are definitely better ways to do this, such as if you put the info a CSV and then import the CSV into Powershell, but this method definitely works. You can even create new variables to add whatever else you want into this field – location, building number, bitlocker pin codes, you name it.
The best part about the the popup boxes I use is that you can just hit “enter” in between boxes, so my IT team never needs to use a mouse. I put this script into my Powershell GUI Menu so I can just run in it with a single click, like this:
My Homelab Equipment
Here is some of the gear I use in my Homelab. I highly recommend each of them.
- Server 2019 w/ Hyper-V
- Case: Fractal Design Node 804
- Graphics Card: NVIDEA Quadro K600
- CPU: AMD Ryzen 7 2700
The full list of server components I use can be found on my Equipment List page.