Adding Computer Accounts into AD

[grizzle1]

I'm trying to script the adding of computer accounts into our AD.

This has worked OK using the script below

Set objOU = GetObject("LDAP://ou=Test,dc=homeland,dc=local")
Set objPC = objOU.Create("Computer", "cn=computer1")
objPC.Put "sAMAccountName", "computer1"
objPC.Put "userAccountControl", 4096
objPC.SetInfo

This has created it and also enabled it.

However, whenever you add a new computer via AD, the default is to belong to the Domain Admins to join this PC to the domain. You can alter this group using AD, does anyone know how to script in an alternative group name?

Thanks in advance

 

[DLayzell]

strDomain="Workgroup"
strUser="jdoe"
strGroupName ="Administrators"

Set oDomain = GetObject("WinNT://" & strDomain)
Set oGroup = oDomain.GetObject("Group", strGroupName)
oGroup.Add ("WinNT://" & strDomain & "/" & strUser)
Set oDomain=Nothing
Set oGroup=Nothing

You must specify the group, and add the user thusly. (Modifying of course, for your code - I was lazy)

I'm looking myself to find a way to add a user locally, without using AD. (ie. User Accounts in Control Panel)

 

[grizzle1]

Thanks for the reply.

However, it is a Computer account not a User account I'm trying to add.

I want the above script to perform three things.

1. Create new Computer account in OU specified. Works fine.
2. The script will Enable the Computer account, the 4096 in line 4 achieves this.
3. Members of the Domain Admins group, by default, have the rights to add this PC to the domain from the workstation. I want to specify an alternative group which has this ability.

Thanks in advance

 

[markdmac]

Grizzle1,

Have you taken a lok at the support tools utility NETDOM?

It is really easy to script and would allow you to both Join the Computer to the domain and create the account all at once and do it remotely.

I use it all the time to migrate computers from one domain to another. You just need to know the local admin password of the computer.

I hope you find this post helpful.

Regards,

Mark

 

[grizzle1]

Mark

Thanks for that. I hadn't used this utility before but have already found it extremely useful.

However, I've got a problem when trying to move an NT box from an old NT domain environment to a AD one. I've installed the DSCLIENT.EXE on the workstaation but when I run the NETDOM command I get an 'Access Denied' error. The /UserD account has full rights to the AD. For the /UserO account do I use a local administrator account or the same one I used for the /UserD? I've tried both and they produce the same results.

I can PING the w/s OK and its within the same subnet.

Any ideas?

Thanks in advance.

 

[markdmac]

the UserO account is the local admin account.

How are YOU logged in? I would try logging in as the admin from the old domain and see what your results are.

I hope you find this post helpful.

Regards,

Mark

 

[grizzle1]

Mark

Thanks for that.

I'm not logged into the workstation at all and with a domain account on the W2K server where I'm running the NETDOM commands from.

I presume that the W2K version of NETDOM still copes with NT workstations?

Thanks in advance.

 

[markdmac]

I believe it does still work with NT workstations.

What I meant about how you were logged in was in regards to how you are logged into YOUR computer from which you are executing NETDOM.

I hope you find this post helpful.

Regards,

Mark