54SA.COM|专注于系统运维管理,为中国SA提供动力!

54SA.COM|系统运维网

系统管理员之家Banner
当前位置: 主页 > Windows > 服务器 > 域服务器 >

VBS脚本自动创建计算机帐户

分享到:
时间:2010-10-28 21:26来源:编辑部 作者:Matin

  mcse注:其实这是 按照ADSI(Active Directory Services Interface:活动目录服务接口)写的程序。如果你安装了resource kit,这段代码可以用netcom这条命令进行工作,下面是netcom的一个例子:
  NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /ADD
  ***********************
  '* Start Script
  '***********************
  Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag
  Dim secDescriptor, dACL, ACE, oComputer, sPwd
  
  '
  '* Declare constants used in defining the default location for the
  '* machine account, flags to identify the object as a machine account,
  '* and security flags
  'Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000
  Const UF_ACCOUNTDISABLE = &H2
  Const UF_PASSWD_NOTREQD = &H20
  Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
  Const ADS_ACETYPE_ACCESS_ALLOWED = 0
  Const ADS_ACEFLAG_INHERIT_ACE = 2
  
  '
  '* Set the flags on this object to identify it as a machine account
  '* and determine the name. The name is used statically here, but may
  '* be determined by a command line parameter or by using an InputBox
  'lFlag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD
  sComputerName = "TestAccount"
  
  '
  '* Establish a path to the container in the Active Directory where
  '* the machine account will be created. In this example, this will
  '* automatically locate a domain controller for the domain, read the
  '* domain name, and bind to the default "Computers" container
  '*********************************************************************
  
  Set rootDSE = GetObject("LDAP://RootDSE")
  sPath = "LDAP://  sPath = sPath + ","
  sPath = sPath + rootDSE.Get("defaultNamingContext")
  sPath = sPath +">"
  Set computerContainer = GetObject(sPath)
  sPath = "LDAP://" & computerContainer.Get("distinguishedName")
  Set computerContainer = GetObject(sPath)
  
  ''* Here, the computer account is created. Certain attributes must
  '* have a value before calling .SetInfo to commit (write) the object
  '* to the Active Directory
  'Set oComputer = computerContainer.Create("computer", "CN=" & sComputerName)
  oComputer.Put "samAccountName", sComputerName + "$"
  oComputer.Put "userAccountControl", lFlag
  oComputer.SetInfo
  
  '
  '* Establish a default password for the machine account
  'sPwd = sComputerName & "$"
  sPwd = LCase(sPwd)
  oComputer.SetPassword sPwd
  
  ''* Specify which user or group may activate/join this computer to the
  '* domain. In this example, "MYDOMAIN" is the domain name and
  '* "JoeSmith" is the account being given the permission. Note that
  '* this is the downlevel naming convention used in this example.
  'sUserOrGroup = "MYDOMAINjoesmith"
  
  ''* Bind to the Discretionary ACL on the newly created computer account
  '* and create an Access Control Entry (ACE) that gives the specified
  '* user or group full control on the machine account
  'Set secDescriptor = oComputer.Get("ntSecurityDescriptor")
  Set dACL = secDescriptor.DiscretionaryAcl
  Set ACE = CreateObject("AccessControlEntry")
  
  '
  '* An AccessMask of "-1" grants Full Control
  '
  ACE.AccessMask = -1
  ACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
  ACE.AceFlags = ADS_ACEFLAG_INHERIT_ACE
  
  ''* Grant this control to the user or group specified earlier.
  'ACE.Trustee = sUserOrGroup
  
  '
  '* Now, add this ACE to the DACL on the machine account
  'dACL.AddAce ACE
  secDescriptor.DiscretionaryAcl = dACL
  
  '
  '* Commit (write) the security changes to the machine account
  'oComputer.Put "ntSecurityDescriptor", Array(secDescriptor)
  oComputer.SetInfo
  
  ''* Once all parameters and permissions have been set, enable the
  '* account.
  '
  oComputer.AccountDisabled = False
  oComputer.SetInfo
  
  ''* Create an Access Control Entry (ACE) that gives the specified user
  '* or group full control on the machine account
  'wscript.echo "The command completed successfully."
  
  '*****************
  '* End Script
  '*****************
  
  

[责任编辑:Lavy]

顶一下
(0)
0%
踩一下
(0)
0%
------分隔线----------------------------
发表评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
用户名:
最新评论 进入详细评论页>>