MCSE Note: This is actually a program written by ADSI (Active Directory Services Interface: Active Directory Service Interface). If you install Resource Kit, this code can be used netcom This command to work, the following is an example of netcom:
Netdom/domain:mydomain/user:adminuser/password:apassword member Mycomputer/add
Copy Code code as follows:
***********************
' * Start Script
'***********************
Dim Scomputername, sUserOrGroup, spath, Computercontainer, RootDSE, Lflag
Dim Secdescriptor, DACL, ACE, Ocomputer, spwd
'
' * Declare constants used in defining of the default location for the
' * machine account, flags to identify the object as a machine account,
' * and security flags
' Const uf_workstation_trust_account = &h1000
Const uf_accountdisable = &h2
Const UF_PASSWD_NOTREQD = &h20
Const Ads_guid_computrs_container = "AA312825768811D1ADED00C04FD8D5CD"
Const ads_acetype_access_allowed = 0
Const Ads_aceflag_inherit_ace = 2
'
' * Set the flags on this object to identify it as a machine account
' * and determine the name. The name is used statically and but may
' * is determined by a command line parameter or by using a InputBox
' Lflag = Uf_workstation_trust_account or uf_accountdisable or UF_PASSWD_NOTREQD
Scomputername = "Testaccount"
'
' * Establish a path to the container in the Active Directory where
' * The machine account would be created. In this example, this would
' * Automatically locate a domain controller for the domain, read the
' * Domain name, and bind to the default ' Computers ' container
'*********************************************************************
Set RootDSE = GetObject ("LDAP://rootDSE")
spath = "ldap://Set computercontainer = GetObject (spath)
spath = "ldap://" & Computercontainer.get ("distinguishedname")
Set Computercontainer = GetObject (spath)
"* Here, the computer account is created. Certain attributes must
' * have a value before calling. SetInfo to commit (write) the object
' * to the Active Directory
' Set ocomputer = computercontainer.create ("Computer", "cn=" & Scomputername)
Ocomputer.put "sAMAccountName", Scomputername + "$"
Ocomputer.put "userAccountControl", Lflag
Ocomputer.setinfo
'
' * Establish a default password for the machine account
' Spwd = scomputername & "$"
Spwd = LCase (spwd)
Ocomputer.setpassword spwd
' * Specify which user or group may activate/join this computer to the
' * domain. In this example, the ' MYDOMAIN ' is the domain name and
' * "JoeSmith" is the account being given the permission. Note that
' * This is the downlevel naming convention used into this example.
' sUserOrGroup = ' mydomain\joesmith '
"* Bind to" discretionary ACL on the newly created computer account
' * and create an Access control Entry (ACE) that gives the specified
' * User or group Full control in the machine account
' Set secdescriptor = ocomputer.get (' ntSecurityDescriptor ')
Set DACL = Secdescriptor.discretionaryacl
Set ACE = CreateObject ("AccessControlEntry")
'
' * An AccessMask of '-1 ' grants Full Control
'
Ace. AccessMask =-1
Ace. AceType = ads_acetype_access_allowed
Ace. AceFlags = Ads_aceflag_inherit_ace
' * Grant This control to the user or group specified earlier.
' ACE. Trustee = sUserOrGroup
'
' * Now, add this ACE to the DACL in the machine account
' Dacl.addace ACE
Secdescriptor.discretionaryacl = DACL
'
' * Commit (write) The security changes to the machine account
' Ocomputer.put ' ntSecurityDescriptor ', Array (secdescriptor)
Ocomputer.setinfo
' * Once all parameters and permissions have been set, enable the
' * account.
'
ocomputer.accountdisabled = False
Ocomputer.setinfo
' * Create an Access control Entry (ACE) that gives the specified user
' * or group Full Control ' machine account
' WScript.Echo ' The command completed successfully.
'*****************
' * End Script
