
Auto domain Join


arcker

Hi everyone! Such a long time!

I will post my work on AD next time, but for now I need your help!

OK, when we install some computers, we join the domain manually, and it is really lost time.

I've found on the forum a solution that controls the application "netdom.exe", but, I know I'm boring, I want a script that does that automatically.

I've found a script on the Microsoft website, so I've tried to convert it, but there are still some bugs.

Here is the code:

; ----------------------------------------------------------------------------
;
; VBScript to AutoIt Converter v0.4
;
; ----------------------------------------------------------------------------

#include <array.au3>
#include <bk-logfile.au3>

;***********************
;* Start Script
;***********************

Dim $sComputerName, $sUserOrGroup, $sPath, $computerContainer, $rootDSE, $lFlag
Dim $secDescriptor, $dACL, $ACE, $oComputer, $sPwd

;*********************************************************************
;* Declare constants used in defining the default location for the
;* machine account, flags to identify the object as a machine account,
;* and security flags
;*********************************************************************

Const $UF_WORKSTATION_TRUST_ACCOUNT = '&H1000'
Const $UF_ACCOUNTDISABLE = '&H2'
Const $UF_PASSWD_NOTREQD = '&H20'
Const $ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
Const $ADS_ACETYPE_ACCESS_ALLOWED = 0
Const $ADS_ACEFLAG_INHERIT_ACE = 2

;*********************************************************************
;* Set the flags on this object to identify it as a machine account
;* and determine the name.  The name is used statically here, but may
;* be determined by a command line parameter or by using an InputBox
;*********************************************************************

$lFlag = $UF_WORKSTATION_TRUST_ACCOUNT Or $UF_ACCOUNTDISABLE Or $UF_PASSWD_NOTREQD
$sComputerName = "accountessai"

;*********************************************************************
;* Establish a path to the container in the Active Directory where
;* the machine account will be created.  In this example, this will
;* automatically locate a domain controller for the domain, read the
;* domain name, and bind to the default "Computers" container
;*********************************************************************

$rootDSE = ObjGet("LDAP://RootDSE")
$sPath = "LDAP://<WKGUID=" & $ADS_GUID_COMPUTRS_CONTAINER
$sPath = $sPath & ","
$sPath = $sPath & $rootDSE.Get("defaultNamingContext")
$sPath = $sPath & ">"
$computerContainer = ObjGet($sPath)
$sPath = "LDAP://" & $computerContainer.Get("distinguishedName")
$computerContainer = ObjGet($sPath)

;*********************************************************************
;* Here, the computer account is created.  Certain attributes must
;* have a value before calling .SetInfo to commit (write) the object
;* to the Active Directory
;*********************************************************************

$oComputer = $computerContainer.Create("computer", "CN=" & $sComputerName)
$oComputer.Put ("samAccountName", $sComputerName & "$")
$oComputer.Put ("userAccountControl", $lFlag)
$oComputer.SetInfo

;*********************************************************************
;* Establish a default password for the machine account
;*********************************************************************

$sPwd = $sComputerName & "$"
$sPwd = StringLower($sPwd)
$oComputer.SetPassword ($sPwd)

;*********************************************************************
;* Specify which user or group may activate/join this computer to the
;* domain.  In this example, "MYDOMAIN" is the domain name and
;* "JoeSmith" is the account being given the permission.  Note that
;* this is the downlevel naming convention used in this example.
;*********************************************************************

$sUserOrGroup = "MYDOMAIN\joesmith"

;*********************************************************************
;* Bind to the Discretionary ACL on the newly created computer account
;* and create an Access Control Entry (ACE) that gives the specified
;* user or group full control on the machine account
;*********************************************************************

$secDescriptor = $oComputer.Get("ntSecurityDescriptor")
$dACL = $secDescriptor.DiscretionaryAcl
$ACE = ObjCreate("AccessControlEntry")

;*********************************************************************
;* An AccessMask of "-1" grants Full Control
;*********************************************************************

$ACE.AccessMask = -1
$ACE.AceType = $ADS_ACETYPE_ACCESS_ALLOWED
$ACE.AceFlags = $ADS_ACEFLAG_INHERIT_ACE

;*********************************************************************
;* Grant this control to the user or group specified earlier.
;*********************************************************************

$ACE.Trustee = $sUserOrGroup

;*********************************************************************
;* Now, add this ACE to the DACL on the machine account
;*********************************************************************

$dACL.AddAce ($ACE)
$secDescriptor.DiscretionaryAcl = $dACL

;*********************************************************************
;* Commit (write) the security changes to the machine account
;*********************************************************************

$oComputer.Put ("ntSecurityDescriptor", _ArrayCreate($secDescriptor))
$oComputer.SetInfo

;*********************************************************************
;* Once all parameters and permissions have been set, enable the
;* account.
;*********************************************************************

$oComputer.AccountDisabled = 0
$oComputer.SetInfo

;*********************************************************************
;* Create an Access Control Entry (ACE) that gives the specified user
;* or group full control on the machine account
;*********************************************************************

_WriteLog ("The command completed successfully.")

;*****************
;* End Script
;*****************

thx everyone and have a good day

arcker


-- Arck System _ Soon -- Ideas make everything

"Criticism is easy, art is difficult"

Projects:

Au3Service: Run your exe as service V3 / Updated 29/07/2013

arcker

OK, the problem is on the line:

$oComputer.Put ("userAccountControl", $lFlag)

The $lFlag doesn't seem to work, so it would be due to the assignment.

In VB, it was:

Const UF_ACCOUNTDISABLE = &H2

But how to define it in AutoIt? It's a flag, so it's special.

When I remove the line the script works perfectly, so it's my last problem, snif...


Jos

Try:

Const $UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
Const $UF_ACCOUNTDISABLE = 0x2
Const $UF_PASSWD_NOTREQD = 0x20

$lFlag = BitOR($UF_WORKSTATION_TRUST_ACCOUNT,$UF_ACCOUNTDISABLE, $UF_PASSWD_NOTREQD)

$oComputer.Put ("userAccountControl", $lFlag)

Live for the present,
Dream of the future,
Learn from the past.
  :)
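
As an added example (not code from any poster in this thread), the Python below converts the `&H`/`0x` literals discussed above to integers, decodes a userAccountControl value with the three constants from the thread, and flags computer accounts that still carry PASSWD_NOTREQD. The function names and the sample records are constructed for illustration; 0x1020 is the creation value 0x1022 with the disable bit cleared by `AccountDisabled = 0`.

```python
import re

# Flag values exactly as given in the thread's constants.
UF_ACCOUNTDISABLE = 0x2
UF_PASSWD_NOTREQD = 0x20
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
FLAG_NAMES = {
    UF_ACCOUNTDISABLE: "ACCOUNTDISABLE",
    UF_PASSWD_NOTREQD: "PASSWD_NOTREQD",
    UF_WORKSTATION_TRUST_ACCOUNT: "WORKSTATION_TRUST_ACCOUNT",
}

def hex_literal_to_int(text):
    """Convert a VBScript (&H1000) or AutoIt/C (0x1000) hex literal to int."""
    match = re.fullmatch(r"(?:&H|0x)([0-9A-Fa-f]+)", text.strip(), re.IGNORECASE)
    if match is None:
        raise ValueError(f"not a hex literal: {text!r}")
    return int(match.group(1), 16)

def decode_uac(value):
    """Names of the known flags set in an integer userAccountControl value."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise TypeError("userAccountControl must be an integer bitmask")
    return [name for bit, name in sorted(FLAG_NAMES.items()) if value & bit]

def audit_computer_account(uac):
    """Findings for one computer account; an empty list means nothing flagged."""
    findings = []
    if not uac & UF_WORKSTATION_TRUST_ACCOUNT:
        findings.append("not a workstation trust account")
    if uac & UF_PASSWD_NOTREQD:
        state = "disabled" if uac & UF_ACCOUNTDISABLE else "enabled"
        findings.append(f"PASSWD_NOTREQD set on {state} account")
    return findings

# Constructed sample records: (sAMAccountName, userAccountControl).
SAMPLE = [
    ("accountessai$", 0x1022),  # value the script writes at creation
    ("accountessai$", 0x1020),  # same account after AccountDisabled = 0
    ("hardened-pc$", 0x1000),   # hypothetical account with the flag cleared
]

def audit_all(records):
    """Map 'name uac' to the findings for each record."""
    return {f"{name} {uac:#x}": audit_computer_account(uac) for name, uac in records}

if __name__ == "__main__":
    for key, findings in audit_all(SAMPLE).items():
        print(key, findings or "ok")
```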

arcker

OK, it works perfectly,

but my other script to join the domain works unilky under Windows XP and over. tssssss

So I will use netdom.exe,

and there doesn't seem to be another method.

