Active Directory Description During Deployment.

Problem: I would like my AD computers to have a neat description when they add themselves onto the domain during deployment

Solution: OK so, upon examining the task it would seem that the first job we need to do is to get the AD PowerShell cmdlets onto the client computer. This can be done in many ways. Here are a couple of good blogs I found on the subject:

  2. (even more detail)

Ashley's blog in particular goes into great detail about the options you are faced with, and whilst I like the idea of 'Implicit Remoting' it seems a tad overcomplicated for what I need, so I intend to run the cmdlets locally, which means I have to accomplish several tasks for my goal.

1. Install RSAT (Remote Server Administration Tools)
2. Enable the features I need.
3. Collect information I want to use as my description label

Installing RSAT is easy. There are numerous ways you can do this; you can download the .msu file and import it into the packages section of MDT. A pretty straightforward task (or so it would seem!). The issue I have with this is that on many customer sites I have had images failing with strange errors, and upon examining the logs there are errors reading the packages which caused the deployments to fail. I have built new deployment servers, re-downloaded the packages and imported them to ensure they are correct; however, the errors kept cropping up time and time again. I therefore decided to have the updates required for this added in as an MDT application, which so far hasn't let me down. So, RSAT clients can be downloaded from here:


To add them in as an application is straightforward enough and I am assuming you know how to add in an application. The command line you need to throw to install the application is: wusa.exe PACKAGENAME.msu /quiet /norestart, where you replace 'PACKAGENAME' with the name of the package, obviously. I have added in x86 and x64 versions for Windows 7 SP1 and Windows 8.1 into my MDT Deployment Workbench under a RSAT folder. As this is the first task we need to achieve, this action needs to take place first in the task sequence before the script is called.

The rest of the tasks can be achieved with a script. The first part of the script needs to enable the features of RSAT that we need to use.

Opening PowerShell on a Windows client, the following command lists the features and their installed state.

    dism /online /get-features

The ones we need to enable are:


So, using dism /online /enable-feature /featurename: as a prefix we can enable those four features.

    dism /online /enable-feature /featurename:RemoteServerAdministrationTools
    dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles
    dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD
    dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-Powershell

Next we need to collect the information that we want in our AD description. We use WMI queries, with make, model and serial number as a starting point, and the following lines of code to get that information:

Computer name (this is collected because we need to know which computer we are labelling in AD)

    $name = (Get-WmiObject -Class Win32_ComputerSystem).Name

Manufacturer

    $manufacturer = (Get-WmiObject -Class Win32_ComputerSystem).Manufacturer

Model

    $model = (Get-WmiObject -Class Win32_ComputerSystem).Model

and finally serial number.

    $serial = (Get-WmiObject win32_bios).SerialNumber

OK, so we have the prerequisites installed, we have collected the information we want, and now we need to use the Set-ADComputer cmdlet to set the AD description on the domain controller. The first thing we will need is permission to do this, so we need to set our credentials, and this can be done with a PSCredential object like so:

    # Replace the account name and password with values for your environment
    $username = "domain\administrator"
    $password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
    $credentials = New-Object -typename System.Management.Automation.PSCredential $username, $password

Obviously you will need to change the "domain\administrator" and the "P@ssw0rd" to match your environment. This can be passed over to the server when undertaking the task. So how do we pump the data we collected into an AD description? Well...

First we import the module:

    Import-Module activedirectory

We set a variable to contain our AD description like so:

    $ADDescription = $manufacturer + " " + $model + " - SN: " + $serial

and finally, we call the Set-ADComputer cmdlet and use it (with our credentials) to label the description of the computer object:

    Set-ADComputer -Identity $name -Description $ADDescription -Credential $credentials
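
The script above stores a domain administrator password in clear text in a file on the deployment share. The following is an added example, not the author's finished script, that performs the same steps with the credential passed in at run time for an account delegated write access to the description attribute only. The account name EXAMPLE\svc-mdt-desc, the OU path, the function names and the 256-character cap are assumptions made for illustration.

```powershell
# One-time setup by a domain admin, not run on clients: grant a dedicated
# account write access to the description attribute of computer objects only.
# The account name and OU below are hypothetical placeholders.
#   dsacls "OU=Workstations,DC=example,DC=com" /I:S /G "EXAMPLE\svc-mdt-desc:WP;description;computer"

function Get-HardwareLabel {
    # Same WMI classes as the article, each queried once.
    $cs   = Get-WmiObject -Class Win32_ComputerSystem
    $bios = Get-WmiObject -Class Win32_BIOS
    $parts = @($cs.Manufacturer, $cs.Model, $bios.SerialNumber) | ForEach-Object {
        # Firmware strings are free text: strip control characters and padding.
        $clean = ("$_" -replace '[\x00-\x1F\x7F]', '').Trim()
        if ($clean) { $clean } else { 'Unknown' }
    }
    $label = '{0} {1} - SN: {2}' -f $parts
    # Constructed cap so an oversized firmware string cannot bloat the attribute.
    if ($label.Length -gt 256) { $label = $label.Substring(0, 256) }
    New-Object PSObject -Property @{ Name = $cs.Name; Description = $label }
}

function Set-DeploymentDescription {
    param(
        # Supplied by the caller at run time; never a literal in this file.
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $hw = Get-HardwareLabel
    Set-ADComputer -Identity $hw.Name -Description $hw.Description `
        -Credential $Credential -ErrorAction Stop
    # Read the value back so a silent failure does not go unnoticed.
    $actual = (Get-ADComputer -Identity $hw.Name -Properties Description `
        -Credential $Credential -ErrorAction Stop).Description
    if ($actual -ne $hw.Description) {
        throw "Description on $($hw.Name) was not updated"
    }
    $actual
}

# Example call, prompting for the delegated account's password:
# Set-DeploymentDescription -Credential (Get-Credential 'EXAMPLE\svc-mdt-desc')
```

With the delegation in place, a leaked copy of this credential can change computer descriptions in that OU and nothing else.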

Finished result?


Have the finished script running at the end of any deployment, and all your AD objects will be neatly labelled for you.  And don’t forget, using WMI the possibilities are endless…..

Finished script here: