VBS script code for automatically creating computer accounts
MCSE note: this program is written against ADSI (Active Directory Services Interface). If you have the Resource Kit installed, the same job can be done with the netdom command. Here is a netdom example:

```
NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /ADD
```

The code is as follows:

```vbscript
'***********************
' Start Script
'***********************
Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag
Dim secDescriptor, dACL, ACE, oComputer, sPwd

' Declare constants used in defining the default location for the
' machine account, flags to identify the object as a machine account,
' and security flags
Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000
Const UF_ACCOUNTDISABLE = &H2
Const UF_PASSWD_NOTREQD = &H20
Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Const ADS_ACEFLAG_INHERIT_ACE = 2

' Set the flags on this object to identify it as a machine account
' and determine the name. The name is used statically here, but may
' be determined by a command line parameter or by using an InputBox
lFlag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD
sComputerName = "TestAccount"

' Establish a path to the container in the Active Directory where
' the machine account will be created. In this example, this will
' automatically locate a domain controller for the domain, read the
' domain name, and bind to the default "Computers" container
'*********************************************************************
Set rootDSE = GetObject("LDAP://RootDSE")
' Bind through the well-known GUID of the Computers container
sPath = "LDAP://<WKGUID=" & ADS_GUID_COMPUTRS_CONTAINER & "," & _
        rootDSE.Get("defaultNamingContext") & ">"
Set computerContainer = GetObject(sPath)
sPath = "LDAP://" & computerContainer.Get("distinguishedName")
Set computerContainer = GetObject(sPath)

' Here, the computer account is created. Certain attributes must
' have a value before calling .SetInfo to commit (write) the object
' to the Active Directory
Set oComputer = computerContainer.Create("computer", "CN=" & sComputerName)
oComputer.Put "samAccountName", sComputerName & "$"
oComputer.Put "userAccountControl", lFlag
oComputer.SetInfo

' Establish a default password for the machine account
sPwd = sComputerName & "$"
sPwd = LCase(sPwd)
oComputer.SetPassword sPwd

' Specify which user or group may activate/join this computer to the
' domain. In this example, "MYDOMAIN" is the domain name and
' "JoeSmith" is the account being given the permission. Note that
' this is the downlevel naming convention used in this example.
sUserOrGroup = "MYDOMAIN\joesmith"

' Bind to the Discretionary ACL on the newly created computer account
' and create an Access Control Entry (ACE) that gives the specified
' user or group full control on the machine account
Set secDescriptor = oComputer.Get("ntSecurityDescriptor")
Set dACL = secDescriptor.DiscretionaryAcl
Set ACE = CreateObject("AccessControlEntry")

' An AccessMask of "-1" grants Full Control
ACE.AccessMask = -1
ACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
ACE.AceFlags = ADS_ACEFLAG_INHERIT_ACE

' Grant this control to the user or group specified earlier.
ACE.Trustee = sUserOrGroup

' Now, add this ACE to the DACL on the machine account
dACL.AddAce ACE
secDescriptor.DiscretionaryAcl = dACL

' Commit (write) the security changes to the machine account
oComputer.Put "ntSecurityDescriptor", Array(secDescriptor)
oComputer.SetInfo

' Once all parameters and permissions have been set, enable the
' account.
oComputer.AccountDisabled = False
oComputer.SetInfo

' Report completion
WScript.Echo "The command completed successfully."
'*****************
' End Script
'*****************
```
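An added audit example, not part of the original script: it lists computer accounts that still carry the `UF_PASSWD_NOTREQD` flag the script sets at creation, so pre-staged accounts that were never joined can be reset or deleted. It assumes a domain-joined Windows host and a caller with read access to the directory; the report column names are chosen here for illustration.

```powershell
# Added example: find computer accounts left in the pre-staged state.
# Flag values are the constants declared in the VBS script above.
$UF_ACCOUNTDISABLE            = 0x2
$UF_PASSWD_NOTREQD            = 0x20
$UF_WORKSTATION_TRUST_ACCOUNT = 0x1000

# LDAP_MATCHING_RULE_BIT_AND (OID 1.2.840.113556.1.4.803) matches only when
# every bit of the decimal mask is set in userAccountControl.
$mask   = $UF_WORKSTATION_TRUST_ACCOUNT -bor $UF_PASSWD_NOTREQD   # 4128
$filter = "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=$mask))"

$searcher = [adsisearcher]$filter   # searches the current domain by default
$searcher.PageSize = 500            # paged search, so large domains are not truncated
foreach ($p in 'samaccountname','distinguishedname','useraccountcontrol',
               'pwdlastset','logoncount','whencreated') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$results = $searcher.FindAll()
$report = foreach ($r in $results) {
    $uac = [int]$r.Properties['useraccountcontrol'][0]
    # Attributes with no value come back as empty collections.
    $pwdLastSet = if ($r.Properties['pwdlastset'].Count) { [long]$r.Properties['pwdlastset'][0] } else { 0 }
    $logons     = if ($r.Properties['logoncount'].Count) { [int]$r.Properties['logoncount'][0] } else { 0 }

    [pscustomobject]@{
        Account       = [string]$r.Properties['samaccountname'][0]
        Disabled      = [bool]($uac -band $UF_ACCOUNTDISABLE)
        # logonCount is not replicated; it reflects the DC that answered.
        NeverLoggedOn = ($logons -eq 0)
        PasswordSet   = if ($pwdLastSet -gt 0) { [datetime]::FromFileTimeUtc($pwdLastSet) } else { $null }
        Created       = $r.Properties['whencreated'][0]
        DN            = [string]$r.Properties['distinguishedname'][0]
    }
}
$results.Dispose()

# Enabled accounts that no machine has ever used are the ones to review first.
$report | Sort-Object Disabled, Created | Format-Table -AutoSize
```

The account's DACL can be reviewed afterwards for the Full Control ACE that the script grants to `sUserOrGroup`.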