Split into separate try/catch blocks so ManagedBy failure does not block Notes

2026-04-21 15:21:04 +10:00
parent 16adc9825f
commit bf7f0762c1
+111 -85
@@ -9,6 +9,8 @@
1. Sets the computer object's "managedBy" attribute to the user's DN 1. Sets the computer object's "managedBy" attribute to the user's DN
2. Sets the user object's "info" attribute (Notes / Telephones tab) to the computer name 2. Sets the user object's "info" attribute (Notes / Telephones tab) to the computer name
Each operation runs independently - if one fails the other still runs.
PREREQUISITES: PREREQUISITES:
- AD permissions must be delegated so that Authenticated Users (or Domain Users) - AD permissions must be delegated so that Authenticated Users (or Domain Users)
can WRITE the "managedBy" attribute on Computer objects in the relevant OU(s). can WRITE the "managedBy" attribute on Computer objects in the relevant OU(s).
@@ -63,93 +65,117 @@ try {
# -- Build the notes string ---------------------------------------------------- # -- Build the notes string ----------------------------------------------------
$notesValue = "Last logon: $computerName ($loginTimestamp)" $notesValue = "Last logon: $computerName ($loginTimestamp)"
try { # -- Resolve user and computer DNs --------------------------------------------
if ($useADModule) { $userDN = $null
# -- AD Module path ---------------------------------------------------- $userObj = $null
$computerDN = $null
if ($useADModule) {
try {
$userObj = Get-ADUser -Identity $currentUser -Properties info -ErrorAction Stop $userObj = Get-ADUser -Identity $currentUser -Properties info -ErrorAction Stop
$computerObj = Get-ADComputer -Identity $computerName -Properties managedBy -ErrorAction Stop $userDN = $userObj.DistinguishedName
} catch {
# Set computer ManagedBy Write-Log "Could not find user '$currentUser' in AD: $($_.Exception.Message)" "ERROR"
if ($computerObj.managedBy -eq $userObj.DistinguishedName) { exit 1
Write-Log "ManagedBy already set to $currentUser. No change needed." }
} else { try {
Set-ADComputer -Identity $computerName -ManagedBy $userObj.DistinguishedName -ErrorAction Stop $computerObj = Get-ADComputer -Identity $computerName -Properties managedBy -ErrorAction Stop
Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$($userObj.DistinguishedName)'" $computerDN = $computerObj.DistinguishedName
} } catch {
Write-Log "Could not find computer '$computerName' in AD: $($_.Exception.Message)" "ERROR"
# Set user Notes (info attribute) }
if ($userObj.info -eq $notesValue) { } else {
Write-Log "User notes already current. No change needed." $rootDSE = [ADSI]"LDAP://RootDSE"
} else { $domainDN = $rootDSE.defaultNamingContext
Set-ADUser -Identity $currentUser -Replace @{info = $notesValue} -ErrorAction Stop
Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'" $searcher = New-Object DirectoryServices.DirectorySearcher
} $searcher.SearchRoot = [ADSI]"LDAP://$domainDN"
} else { # Find the user
# -- ADSI fallback (no module required) -------------------------------- $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$currentUser))"
$rootDSE = [ADSI]"LDAP://RootDSE" $searcher.PropertiesToLoad.AddRange(@("distinguishedName", "info"))
$domainDN = $rootDSE.defaultNamingContext $userResult = $searcher.FindOne()
$searcher = New-Object DirectoryServices.DirectorySearcher if (-not $userResult) {
$searcher.SearchRoot = [ADSI]"LDAP://$domainDN" Write-Log "Could not find user '$currentUser' in AD." "ERROR"
exit 1
# Find the user }
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$currentUser))" $userDN = $userResult.Properties["distinguishedname"][0]
$searcher.PropertiesToLoad.AddRange(@("distinguishedName", "info"))
$userResult = $searcher.FindOne() # Find the computer
$searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$computerName$))"
if (-not $userResult) { $searcher.PropertiesToLoad.Clear()
Write-Log "Could not find user '$currentUser' in AD." "ERROR" $searcher.PropertiesToLoad.AddRange(@("distinguishedName", "managedBy"))
exit 1 $computerResult = $searcher.FindOne()
}
$userDN = $userResult.Properties["distinguishedname"][0] if (-not $computerResult) {
Write-Log "Could not find computer '$computerName' in AD." "ERROR"
# Find the computer } else {
$searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$computerName$))" $computerDN = $computerResult.Properties["distinguishedname"][0]
$searcher.PropertiesToLoad.Clear()
$searcher.PropertiesToLoad.AddRange(@("distinguishedName", "managedBy"))
$computerResult = $searcher.FindOne()
if (-not $computerResult) {
Write-Log "Could not find computer '$computerName' in AD." "ERROR"
exit 1
}
$computerDN = $computerResult.Properties["distinguishedname"][0]
# Set computer ManagedBy
$currentManagedBy = $null
if ($computerResult.Properties["managedby"].Count -gt 0) {
$currentManagedBy = $computerResult.Properties["managedby"][0]
}
if ($currentManagedBy -eq $userDN) {
Write-Log "ManagedBy already set to $currentUser. No change needed."
} else {
$computerEntry = [ADSI]"LDAP://$computerDN"
$computerEntry.Put("managedBy", $userDN)
$computerEntry.SetInfo()
Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$userDN'"
}
# Set user Notes (info attribute)
$currentNotes = $null
if ($userResult.Properties["info"].Count -gt 0) {
$currentNotes = $userResult.Properties["info"][0]
}
if ($currentNotes -eq $notesValue) {
Write-Log "User notes already current. No change needed."
} else {
$userEntry = [ADSI]"LDAP://$userDN"
$userEntry.Put("info", $notesValue)
$userEntry.SetInfo()
Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'"
}
} }
} catch {
Write-Log "FAILED: $($_.Exception.Message)" "ERROR"
exit 1
} }
# -- Task 1: Set computer ManagedBy (separate try/catch) -----------------------
if ($computerDN -and $userDN) {
try {
if ($useADModule) {
if ($computerObj.managedBy -eq $userDN) {
Write-Log "ManagedBy already set to $currentUser. No change needed."
} else {
Set-ADComputer -Identity $computerName -ManagedBy $userDN -ErrorAction Stop
Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$userDN'"
}
} else {
$currentManagedBy = $null
if ($computerResult.Properties["managedby"].Count -gt 0) {
$currentManagedBy = $computerResult.Properties["managedby"][0]
}
if ($currentManagedBy -eq $userDN) {
Write-Log "ManagedBy already set to $currentUser. No change needed."
} else {
$computerEntry = [ADSI]"LDAP://$computerDN"
$computerEntry.Put("managedBy", $userDN)
$computerEntry.SetInfo()
Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$userDN'"
}
}
} catch {
Write-Log "FAILED to set ManagedBy: $($_.Exception.Message)" "ERROR"
}
} else {
Write-Log "Skipping ManagedBy - computer object not found." "WARN"
}
# -- Task 2: Set user Notes (separate try/catch) -------------------------------
if ($userDN) {
try {
if ($useADModule) {
if ($userObj.info -eq $notesValue) {
Write-Log "User notes already current. No change needed."
} else {
Set-ADUser -Identity $currentUser -Replace @{info = $notesValue} -ErrorAction Stop
Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'"
}
} else {
$currentNotes = $null
if ($userResult.Properties["info"].Count -gt 0) {
$currentNotes = $userResult.Properties["info"][0]
}
if ($currentNotes -eq $notesValue) {
Write-Log "User notes already current. No change needed."
} else {
$userEntry = [ADSI]"LDAP://$userDN"
$userEntry.Put("info", $notesValue)
$userEntry.SetInfo()
Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'"
}
}
} catch {
Write-Log "FAILED to set Notes: $($_.Exception.Message)" "ERROR"
}
}
Write-Log "Script finished."
exit 0 exit 0
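Review bot: After the split, a failure in either task is only logged (the two `} catch {` blocks that write "FAILED to set ManagedBy" / "FAILED to set Notes") and the script still reaches the unconditional `exit 0`, whereas the old single try/catch exited 1; whatever runs this logon script can no longer tell a partial failure from success. Set a flag in each catch, `$anyFailed = $true`, and replace the final line with `if ($anyFailed) { exit 1 } else { exit 0 }`. A second, pre-existing point that survives on the new side: the ADSI fallback interpolates `$currentUser` and `$computerName` (presumably taken from the environment outside this hunk) straight into the LDAP filter strings, so a value containing `(`, `)`, `*` or `\` would yield a malformed filter or match a different object; escaping per RFC 4515 before building the filter is one line, e.g. `$safeUser = $currentUser -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'`, then use `$safeUser` in the filter (and the same for the computer name). The AD-module path is not affected since `-Identity` does not build a filter string.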