Split into separate try/catch blocks so ManagedBy failure does not block Notes

2026-04-21 15:21:04 +10:00
parent 16adc9825f
commit bf7f0762c1
+52 -26
@@ -9,6 +9,8 @@
1. Sets the computer object's "managedBy" attribute to the user's DN 1. Sets the computer object's "managedBy" attribute to the user's DN
2. Sets the user object's "info" attribute (Notes / Telephones tab) to the computer name 2. Sets the user object's "info" attribute (Notes / Telephones tab) to the computer name
Each operation runs independently - if one fails the other still runs.
PREREQUISITES: PREREQUISITES:
- AD permissions must be delegated so that Authenticated Users (or Domain Users) - AD permissions must be delegated so that Authenticated Users (or Domain Users)
can WRITE the "managedBy" attribute on Computer objects in the relevant OU(s). can WRITE the "managedBy" attribute on Computer objects in the relevant OU(s).
@@ -63,30 +65,26 @@ try {
# -- Build the notes string ---------------------------------------------------- # -- Build the notes string ----------------------------------------------------
$notesValue = "Last logon: $computerName ($loginTimestamp)" $notesValue = "Last logon: $computerName ($loginTimestamp)"
try { # -- Resolve user and computer DNs --------------------------------------------
$userDN = $null
$userObj = $null
$computerDN = $null
if ($useADModule) { if ($useADModule) {
# -- AD Module path ---------------------------------------------------- try {
$userObj = Get-ADUser -Identity $currentUser -Properties info -ErrorAction Stop $userObj = Get-ADUser -Identity $currentUser -Properties info -ErrorAction Stop
$userDN = $userObj.DistinguishedName
} catch {
Write-Log "Could not find user '$currentUser' in AD: $($_.Exception.Message)" "ERROR"
exit 1
}
try {
$computerObj = Get-ADComputer -Identity $computerName -Properties managedBy -ErrorAction Stop $computerObj = Get-ADComputer -Identity $computerName -Properties managedBy -ErrorAction Stop
$computerDN = $computerObj.DistinguishedName
# Set computer ManagedBy } catch {
if ($computerObj.managedBy -eq $userObj.DistinguishedName) { Write-Log "Could not find computer '$computerName' in AD: $($_.Exception.Message)" "ERROR"
Write-Log "ManagedBy already set to $currentUser. No change needed."
} else {
Set-ADComputer -Identity $computerName -ManagedBy $userObj.DistinguishedName -ErrorAction Stop
Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$($userObj.DistinguishedName)'"
} }
# Set user Notes (info attribute)
if ($userObj.info -eq $notesValue) {
Write-Log "User notes already current. No change needed."
} else { } else {
Set-ADUser -Identity $currentUser -Replace @{info = $notesValue} -ErrorAction Stop
Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'"
}
} else {
# -- ADSI fallback (no module required) --------------------------------
$rootDSE = [ADSI]"LDAP://RootDSE" $rootDSE = [ADSI]"LDAP://RootDSE"
$domainDN = $rootDSE.defaultNamingContext $domainDN = $rootDSE.defaultNamingContext
@@ -112,12 +110,22 @@ try {
if (-not $computerResult) { if (-not $computerResult) {
Write-Log "Could not find computer '$computerName' in AD." "ERROR" Write-Log "Could not find computer '$computerName' in AD." "ERROR"
exit 1 } else {
$computerDN = $computerResult.Properties["distinguishedname"][0]
}
} }
$computerDN = $computerResult.Properties["distinguishedname"][0] # -- Task 1: Set computer ManagedBy (separate try/catch) -----------------------
if ($computerDN -and $userDN) {
# Set computer ManagedBy try {
if ($useADModule) {
if ($computerObj.managedBy -eq $userDN) {
Write-Log "ManagedBy already set to $currentUser. No change needed."
} else {
Set-ADComputer -Identity $computerName -ManagedBy $userDN -ErrorAction Stop
Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$userDN'"
}
} else {
$currentManagedBy = $null $currentManagedBy = $null
if ($computerResult.Properties["managedby"].Count -gt 0) { if ($computerResult.Properties["managedby"].Count -gt 0) {
$currentManagedBy = $computerResult.Properties["managedby"][0] $currentManagedBy = $computerResult.Properties["managedby"][0]
@@ -131,8 +139,25 @@ try {
$computerEntry.SetInfo() $computerEntry.SetInfo()
Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$userDN'" Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$userDN'"
} }
}
} catch {
Write-Log "FAILED to set ManagedBy: $($_.Exception.Message)" "ERROR"
}
} else {
Write-Log "Skipping ManagedBy - computer object not found." "WARN"
}
# Set user Notes (info attribute) # -- Task 2: Set user Notes (separate try/catch) -------------------------------
if ($userDN) {
try {
if ($useADModule) {
if ($userObj.info -eq $notesValue) {
Write-Log "User notes already current. No change needed."
} else {
Set-ADUser -Identity $currentUser -Replace @{info = $notesValue} -ErrorAction Stop
Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'"
}
} else {
$currentNotes = $null $currentNotes = $null
if ($userResult.Properties["info"].Count -gt 0) { if ($userResult.Properties["info"].Count -gt 0) {
$currentNotes = $userResult.Properties["info"][0] $currentNotes = $userResult.Properties["info"][0]
@@ -148,8 +173,9 @@ try {
} }
} }
} catch { } catch {
Write-Log "FAILED: $($_.Exception.Message)" "ERROR" Write-Log "FAILED to set Notes: $($_.Exception.Message)" "ERROR"
exit 1 }
} }
Write-Log "Script finished."
exit 0 exit 0
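Review bot: After this change the script always reaches `exit 0`, so a failed ManagedBy or Notes write (the two new `catch` blocks) and a failed computer lookup are reported only in the log, where the old code exited with 1. If the logon-script host or any monitoring keys on the exit code, stale or missing `managedBy` values will go unnoticed. Consider setting a flag such as `$hadError = $true` in each of those catch blocks and in the computer-not-found branches, then putting `if ($hadError) { exit 1 }` just before the final `exit 0`. The ADSI lookup lines sit between the hunks, so it is not visible whether they are still inside a try now that the outer `try {` has been removed; it is worth confirming that an unreachable domain controller on that path is still written to the log rather than surfacing as an unhandled error.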