Friday, May 10, 2019

Question about setting a computer description in AD using .Net (instead of AD Powershell cmdlets)

Hello Everyone.

I have a specific use case where I need to be able to set a description on new computer objects and add those computer objects to a security group without access to PowerShell AD cmdlets (no domain admin, and no RSAT for PowerShell plugins).

I've solved Part 2 already: https://www.dreamension.net/?p=1001
Instead of just running it and hoping it worked, I dug into Microsoft's .NET documentation and figured out most* of what was going on. Why the .Filter property was written the way it was, what .FindOne() does, etc. Although I'm still a little confused on what $Group = [ADSI]"$GroupPath" is actually doing (how [ADSI]"" is doing anything, specifically).

Anyway,

I still haven't been able to figure out Part 1. Mostly because I have no conceptualization on how to go about utilizing .Net (Yet!!)

I first read into the DirectoryEntry Class but quickly abandoned it as it didn't seem to have anything to do with modifying attributes, but more importantly, didn't offer a Description Property.

I did some more googling and came across the ComputerPrincipal Class, which I think may be what I'm looking for.
It offers a Description Property, with the listed ability to get or set the description on the principal.

I'm not going to have a chance to test this until next week, but I thought I'd ask for some guidance from you fine folks.
Here is my rough attempt at pseudocode. I know it ain't right though!

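Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$ComputerName = $env:COMPUTERNAME

# Bind to the current domain, then look the computer account up by name
$Context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain)
$ComPrin = [System.DirectoryServices.AccountManagement.ComputerPrincipal]::FindByIdentity($Context, $ComputerName)
$ComPrin.Description = "This computer is trash"

$ComPrin.Save()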

Any hints, tips, or tricks? Thanks guys!
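
An added example, not part of the original post: the DirectorySearcher and [ADSI] route the post mentions, applied to both tasks without the AD cmdlets. It assumes a domain-joined machine and an account that has been delegated write access to the computer's description attribute and the group's member attribute; the group name is a hypothetical placeholder.

```powershell
# Added example, not the original poster's code.
$ComputerName = $env:COMPUTERNAME
$GroupName    = 'Example-Workstations'   # hypothetical group name (assumption)

function Find-AdObjectPath {
    param([string]$LdapFilter)
    # With no explicit SearchRoot, DirectorySearcher searches the current domain.
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    $Searcher.Filter = $LdapFilter
    $Result = $Searcher.FindOne()        # first match, or $null when nothing matches
    if ($null -eq $Result) { throw "No object matches $LdapFilter" }
    return $Result.Path                  # an "LDAP://CN=...,DC=..." string
}

# Computer accounts carry a trailing '$' in sAMAccountName.
$ComputerPath = Find-AdObjectPath "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
$GroupPath    = Find-AdObjectPath "(&(objectCategory=group)(sAMAccountName=$GroupName))"

# [ADSI] is a type accelerator for System.DirectoryServices.DirectoryEntry:
# casting an LDAP path string to it yields an entry bound to that object.
$Computer = [ADSI]$ComputerPath
$Group    = [ADSI]$GroupPath

# psbase exposes the raw DirectoryEntry. Attributes live in its Properties
# collection, and nothing is written to AD until CommitChanges() is called.
$Computer.psbase.Properties['description'].Value = 'This computer is trash'
$Computer.psbase.CommitChanges()

# Add the computer to the group by distinguished name, skipping the write
# when it is already a member.
$ComputerDn = [string]$Computer.psbase.Properties['distinguishedName'].Value
if (-not $Group.psbase.Properties['member'].Contains($ComputerDn)) {
    [void]$Group.psbase.Properties['member'].Add($ComputerDn)
    $Group.psbase.CommitChanges()
}
```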
