Code for automatically creating a computer account using a VBS script

Mcse note: in fact, this is a program written according to ADSI (Active Directory Services Interface: Active Directory Service Interface. If you have installed resource kit, you can run this code using the netcom command. The following is an example of netcom:

NETDOM/Domain: MYDOMAIN/user: adminuser/password: apassword member mycomputer/ADD

Copy codeThe Code is as follows :***********************

'* Start Script

'***********************

Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag

Dim secDescriptor, dACL, ACE, oComputer, sPwd

'

'* Declare constants used in defining the default location for

'* Machine account, flags to identify the object as a machine account,

'* And security flags

'Const UF_WORKSTATION_TRUST_ACCOUNT = & H1000

Const UF_ACCOUNTDISABLE = & H2

Const UF_PASSWD_NOTREQD = & H20

Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"

Const ADS_ACETYPE_ACCESS_ALLOWED = 0

Const ADS_ACEFLAG_INHERIT_ACE = 2

'

'* Set the flags on this object to identify it as a machine account

'* And determine the name. The name is used statically here, but may

'* Be determined by a command line parameter or by using an InputBox

'Lflag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD

SComputerName = "TestAccount"

'

'* Establish a path to the container in the Active Directory where

'* The machine account will be created. In this example, this will

'* Automatically locate a domain controller for the domain, read

'* Domain name, and bind to the default "Computers" container

'*************************************** ******************************

Set rootDSE = GetObject ("LDAP: // RootDSE ")

SPath = "LDAP: // Set computerContainer = GetObject (sPath)

SPath = "LDAP: //" & computerContainer. Get ("distinguishedName ")

Set computerContainer = GetObject (sPath)

''' * Here, the computer account is created. Certain attributes must

'* Have a value before calling. SetInfo to commit (write) the object

'* To the Active Directory

'Set oComputer = computerContainer. Create ("computer", "CN =" & sComputerName)

OComputer. Put "samAccountName", sComputerName + "$"

OComputer. Put "userAccountControl", lFlag

OComputer. SetInfo

'

'* Establish a default password for the machine account

'Spwd = sComputerName & "$"

SPwd = LCase (sPwd)

OComputer. SetPassword sPwd

''' * Specify which user or group may activate/join this computer to

'* Domain. In this example, "MYDOMAIN" is the domain name and

'* "JoeSmith" is the account being given the permission. Note that

'* This is the downlevel naming convention used in this example.

'Suserorgroup = "MYDOMAIN \ joesmith"

''* Bind to the Discretionary ACL on the newly created computer account

'* And create an Access Control Entry (ACE) that gives the specified

'* User or group full control on the machine account

'Set secDescriptor = oComputer. Get ("ntSecurityDescriptor ")

Set dACL = secDescriptor. DiscretionaryAcl

Set ACE = CreateObject ("AccessControlEntry ")

'

'* An AccessMask of "-1" grants Full Control

'

ACE. AccessMask =-1

ACE. AceType = ADS_ACETYPE_ACCESS_ALLOWED

ACE. AceFlags = ADS_ACEFLAG_INHERIT_ACE

''* Grant this control to the user or group specified earlier.

'Ace. Trustee = sUserOrGroup

'

'* Now, add this ACE to the DACL on the machine account

'Dacl. AddAce ACE

SecDescriptor. DiscretionaryAcl = dACL

'

'* Commit (write) the security changes to the machine account

'Ocomputer. Put "ntSecurityDescriptor", Array (secDescriptor)

OComputer. SetInfo

''* Once all parameters and permissions have been set, enable

'* Account.

'

OComputer. AccountDisabled = False

OComputer. SetInfo

''' * Create an Access Control Entry (ACE) that gives the specified user

'* Or group full control on the machine account

'Wscript. echo "The command completed successfully ."

'*****************

'* End Script