Leveraging Active Directory Display Specifiers

Alright everybody, hope you’re all well…. anyway let’s get down to the nuts and bolts of this months post.

So what happens when you get to a customer site and you need to get information on how many servers a customer has in their Active Directory including the Server OS Version and Service Pack level?  You turn to the Microsoft Assessment and Planning Tool…..yeah then you run it and you find that all the ports are blocked and you’re not getting any good information out…….what do you turn to?

Active Directory Users and Computers of course! Ok, you can do this the long way or the short way.  You can go an manually one by one on each server and note down each server in turn but that’s going to take ages, so what about Active Directory queries?  Ah haaaaa – Yes!

So I created a custom query based on Computer –> Operating System starts with “Windows Server”.  This listed all the servers in the domain but still didn’t tell me what OS or Service Pack level was.  There had to be a way and then after a quick search of the web I found this article that solved my problem:

Thank you Pber! https://www.pberblog.com/post/2009/06/21/Add-extra-columns-to-Active-Directory-Users-and-Computers-display.aspx

What this told me was the methodology to add new columns to Active Directory Users and Computers.  So I wanted to see Operating System and Service Pack level.  Using Pber’s methods I modified the default display specifiers extracolumns attribute as follows:

operatingSystem,Operating System,0,-1,0

operatingSystemServicePack,Service Pack,0,-1,0

After Restarting Active Directory Users and Computers I could add the New Columns for Operating System and Service Pack.  Problem Sorted.  This works nicely for AD queries.  As Pber notes in his blog this doesn’t work at OU level and you have to modify the organizationalunit specifiers.

Job done I get a list of servers with all their OS versions and Service Pack levels – sorted!

That’s it – hope this helps anybody stumbling across this.

Comments

  • Anonymous
    January 01, 2003
    Nice tip! This will definitely please/help any request from management for information in AD. :)

  • Anonymous
    January 01, 2003
    Hi Mike - no Active Directory schema changes are needed to do this - you just need to be familiar with ADSIEDIT.  Thanks.

  • Anonymous
    November 08, 2010
    Cool blog.   Glad my blog could help.

  • Anonymous
    February 23, 2011
    Any way to do this without modifying the AD Schema??