In AD is it possible to associate a user account with a computer account in some way? The idea is that I want to write a program to query AD for the computer(s) that a user owns.
Tying together Active Directory Computer Accounts and User Accounts
active-directorywindows-server-2003windows-server-2008
Related Topic
- Active Directory – How to Add a Computer to Domains with Active Directory
- Windows – How to find the last user logged onto a computer in Active Directory
- Windows Server 2008 – Ensuring 100% Uptime for a Web Application
- Active Directory: How does the computer logon process and the user logon process differ
- Windows – How to Delete Domain User Profile from a Computer
- Managing Advanced Security Settings Active Directory User Accounts
- Windows – Disabling computer in active directory is still allowing domain account to login
Best Answer
In AD Users & Computers, you'll find a 'Managed By' field for each computer object. You can add the user's AD account to this field, and use it to identify the owner of the workstation.
As I understand it, there's no extra permissions granted by adding a user into the 'Managed By' field. It's just there to keep a record.
Another way that I've employed is to standardize the 'Description' field so that it holds a consistent set of information. For example, in a computer's description field you could have:
Desktop, Brisbane, Dell Optiplex 720, Fred Bloggs, 01-02-2007
From that, parsing through and pulling out a location, computer type, model, user's name, or date of purchase is pretty simple. You can also have your logon script copy the same information into the OS's machine description field, too.
One other option - AD allows you to extend and enhance it's schema, like other databases. You can use this to add custom fields. This is a bit more involved, and you're running the risk of violating the 'don't mess with the defaults unless you have no choice' rule of network administration.