arcker Posted January 9, 2006 Share Posted January 9, 2006 Hi evry one ! such a long time ! I will post my work on AD next time, but for now i nedd your help ! Ok, when we install some computers, we join domain manually, and it is a really a lost time. I've found on the forum a solution that control the application "netdom.exe", but, i know i'm boring, i want a script that does that automatically. I've found a script on Microsoft Website, so i've tried to convert it, but there is still some bugs. here is the code : expandcollapse popup; ---------------------------------------------------------------------------- ; ; VBScript to AutoIt Converter v0.4 ; ; ---------------------------------------------------------------------------- #include <array.au3> #include <bk-logfile.au3> ;*********************** ;* Start Script ;*********************** Dim $sComputerName, $sUserOrGroup, $sPath, $computerContainer, $rootDSE, $lFlag Dim $secDescriptor, $dACL, $ACE, $oComputer, $sPwd ;**********************************************$*********************** ;* Declare constants used in defining the default location for the ;* machine $ACCOUNT, flags to identify the object as a machine $ACCOUNT, ;* and security flags ;**********************************************$*********************** Const $UF_WORKSTATION_TRUST_ACCOUNT = '&H1000' Const $UF_ACCOUNTDISABLE = '&H2' Const $UF_PASSWD_NOTREQD = '&H20' Const $ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd" Const $ADS_ACETYPE_ACCESS_ALLOWED = 0 Const $ADS_ACEFLAG_INHERIT_ACE = 2 ;**********************************************$*********************** ;* Set the flags on this object to identify it as a machine $ACCOUNT ;* and determine the name. The name is used statically here, but may ;* be determined by a command line parameter or by using an InputBox ;**********************************************$*********************** $lFlag = $UF_WORKSTATION_TRUST_ACCOUNT Or $UF_ACCOUNTDISABLE Or $UF_PASSWD_NOTREQD $sComputerName = "accountessai" ;**********************************************$*********************** ;* Establish a path to the $CONTAINER in the Active Directory where ;* the machine $ACCOUNT will be created. In this example, this will ;* automatically locate a domain controller for the domain, read the ;* domain name, and bind to the default "Computers" $CONTAINER ;**********************************************$*********************** $rootDSE = ObjGet("LDAP://RootDSE") $sPath = "LDAP://<WKGUID=" & $ADS_GUID_COMPUTRS_CONTAINER $sPath = $sPath & "," $sPath = $sPath & $rootDSE.Get("defaultNamingContext") $sPath = $sPath & ">" $computerContainer = ObjGet($sPath) $sPath = "LDAP://" & $computerContainer.Get("distinguishedName") $computerContainer = ObjGet($sPath) ;**********************************************$*********************** ;* Here, the computer $ACCOUNT is created. Certain attributes must ;* have a value before calling .SetInfo to commit (write) the object ;* to the Active Directory ;**********************************************$*********************** $oComputer = $computerContainer.Create("computer", "CN=" & $sComputerName) $oComputer.Put ("samAccountName", $sComputerName & "$") $oComputer.Put ("userAccountControl", $lFlag) $oComputer.SetInfo ;**********************************************$*********************** ;* Establish a default password for the machine $ACCOUNT ;**********************************************$*********************** $sPwd = $sComputerName & "$" $sPwd = StringLower($sPwd) $oComputer.SetPassword ($sPwd) ;**********************************************$*********************** ;* Specify which user or group may activate/join this computer to the ;* domain. In this example, "MYDOMAIN" is the domain name and ;* "JoeSmith" is the $ACCOUNT being given the permission. Note that ;* this is the downlevel naming convention used in this example. ;**********************************************$*********************** $sUserOrGroup = "MYDOMAIN\joesmith" ;**********************************************$*********************** ;* Bind to the Discretionary ACL on the newly created computer $ACCOUNT ;* and create an $ACCESS Control Entry ($ACE) that gives the specified ;* user or group full control on the machine $ACCOUNT ;**********************************************$*********************** $secDescriptor = $oComputer.Get("ntSecurityDescriptor") $dACL = $secDescriptor.DiscretionaryAcl $ACE = ObjCreate("AccessControlEntry") ;**********************************************$*********************** ;* An AccessMask of "-1" grants Full Control ;**********************************************$*********************** $ACE.AccessMask = -1 $ACE.$ACETYPE = $ADS_ACETYPE_ACCESS_ALLOWED $ACE.AceFlags = $ADS_ACEFLAG_INHERIT_ACE ;**********************************************$*********************** ;* Grant this control to the user or group specified earlier. ;**********************************************$*********************** $ACE.Trustee = $sUserOrGroup ;**********************************************$*********************** ;* Now, add this $ACE to the $dACL on the machine $ACCOUNT ;**********************************************$*********************** $dACL.AddAce ($ACE) $secDescriptor.DiscretionaryAcl = $dACL ;**********************************************$*********************** ;* Commit (write) the security changes to the machine $ACCOUNT ;**********************************************$*********************** $oComputer.Put ("ntSecurityDescriptor", _ArrayCreate($secDescriptor)) $oComputer.SetInfo ;**********************************************$*********************** ;* Once all parameters and permissions have been set, enable the ;* $ACCOUNT. ;**********************************************$*********************** $oComputer.AccountDisabled = 0 $oComputer.SetInfo ;**********************************************$*********************** ;* Create an $ACCESS Control Entry ($ACE) that gives the specified user ;* or group full control on the machine $ACCOUNT ;**********************************************$*********************** _WriteLog ("The command completed successfully.") ;***************** ;* End Script ;***************** thx everyone and have a good day arcker -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
arcker Posted January 9, 2006 Author Share Posted January 9, 2006 ok the problem is on the line : $oComputer.Put ("userAccountControl", $lFlag) the $lflag doesn't seem to work, so it would be due to the affectation in vb, it was : Const UF_ACCOUNTDISABLE = &H2 but how to define it in autoit ? it's a flag so it's special. when i remove the line the script works perfectly, so it's my ,last problem, snif... -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
Developers Jos Posted January 9, 2006 Developers Share Posted January 9, 2006 Try: Const $UF_WORKSTATION_TRUST_ACCOUNT = 0x1000 Const $UF_ACCOUNTDISABLE = 0x2 Const $UF_PASSWD_NOTREQD = 0x20 $lFlag = BitOR($UF_WORKSTATION_TRUST_ACCOUNT,$UF_ACCOUNTDISABLE, $UF_PASSWD_NOTREQD) $oComputer.Put ("userAccountControl", $lFlag) SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
arcker Posted January 10, 2006 Author Share Posted January 10, 2006 ok it works perfectly but my other script to join domain works unilky under windows xp and over. tssssss so i will use netdom.exe and it doesn't to exist another method -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now