Auto domain Join

[arcker]

Hi evry one ! such a long time !

I will post my work on AD next time, but for now i nedd your help !

Ok, when we install some computers, we join domain manually, and it is a really a lost time.

I've found on the forum a solution that control the application "netdom.exe", but, i know i'm boring, i want a script that does that automatically.

I've found a script on Microsoft Website, so i've tried to convert it, but there is still some bugs.

here is the code :

expandcollapse popup

; ----------------------------------------------------------------------------
;
; VBScript to AutoIt Converter v0.4
;
; ----------------------------------------------------------------------------

#include <array.au3>
#include <bk-logfile.au3>

;***********************
;* Start Script
;***********************

Dim $sComputerName, $sUserOrGroup, $sPath, $computerContainer, $rootDSE, $lFlag
Dim $secDescriptor, $dACL, $ACE, $oComputer, $sPwd

;**********************************************$***********************
;* Declare constants used in defining the default location for the
;* machine $ACCOUNT, flags to identify the object as a machine $ACCOUNT,
;* and security flags
;**********************************************$***********************

Const $UF_WORKSTATION_TRUST_ACCOUNT = '&H1000'
Const $UF_ACCOUNTDISABLE = '&H2'
Const $UF_PASSWD_NOTREQD = '&H20'
Const $ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
Const $ADS_ACETYPE_ACCESS_ALLOWED = 0
Const $ADS_ACEFLAG_INHERIT_ACE = 2

;**********************************************$***********************
;* Set the flags on this object to identify it as a machine $ACCOUNT
;* and determine the name.  The name is used statically here, but may
;* be determined by a command line parameter or by using an InputBox
;**********************************************$***********************

$lFlag = $UF_WORKSTATION_TRUST_ACCOUNT Or $UF_ACCOUNTDISABLE Or $UF_PASSWD_NOTREQD
$sComputerName = "accountessai"

;**********************************************$***********************
;* Establish a path to the $CONTAINER in the Active Directory where
;* the machine $ACCOUNT will be created.  In this example, this will
;* automatically locate a domain controller for the domain, read the
;* domain name, and bind to the default "Computers" $CONTAINER
;**********************************************$***********************

 $rootDSE = ObjGet("LDAP://RootDSE")
$sPath = "LDAP://<WKGUID=" & $ADS_GUID_COMPUTRS_CONTAINER
$sPath = $sPath & ","
$sPath = $sPath & $rootDSE.Get("defaultNamingContext")
$sPath = $sPath & ">"
 $computerContainer = ObjGet($sPath)
$sPath = "LDAP://" & $computerContainer.Get("distinguishedName")
 $computerContainer = ObjGet($sPath)

;**********************************************$***********************
;* Here, the computer $ACCOUNT is created.  Certain attributes must
;* have a value before calling .SetInfo to commit (write) the object
;* to the Active Directory
;**********************************************$***********************

 $oComputer = $computerContainer.Create("computer", "CN=" & $sComputerName)
$oComputer.Put ("samAccountName", $sComputerName & "$")
$oComputer.Put ("userAccountControl", $lFlag)
$oComputer.SetInfo

;**********************************************$***********************
;* Establish a default password for the machine $ACCOUNT
;**********************************************$***********************

$sPwd = $sComputerName & "$"
$sPwd = StringLower($sPwd)
$oComputer.SetPassword ($sPwd)

;**********************************************$***********************
;* Specify which user or group may activate/join this computer to the
;* domain.  In this example, "MYDOMAIN" is the domain name and
;* "JoeSmith" is the $ACCOUNT being given the permission.  Note that
;* this is the downlevel naming convention used in this example.
;**********************************************$***********************

$sUserOrGroup = "MYDOMAIN\joesmith"

;**********************************************$***********************
;* Bind to the Discretionary ACL on the newly created computer $ACCOUNT
;* and create an $ACCESS Control Entry ($ACE) that gives the specified
;* user or group full control on the machine $ACCOUNT
;**********************************************$***********************

 $secDescriptor = $oComputer.Get("ntSecurityDescriptor")
 $dACL = $secDescriptor.DiscretionaryAcl
 $ACE = ObjCreate("AccessControlEntry")

;**********************************************$***********************
;* An AccessMask of "-1" grants Full Control
;**********************************************$***********************

$ACE.AccessMask = -1
$ACE.$ACETYPE = $ADS_ACETYPE_ACCESS_ALLOWED
$ACE.AceFlags = $ADS_ACEFLAG_INHERIT_ACE

;**********************************************$***********************
;* Grant this control to the user or group specified earlier.
;**********************************************$***********************

$ACE.Trustee = $sUserOrGroup

;**********************************************$***********************
;* Now, add this $ACE to the $dACL on the machine $ACCOUNT
;**********************************************$***********************

$dACL.AddAce ($ACE)
$secDescriptor.DiscretionaryAcl = $dACL

;**********************************************$***********************
;* Commit (write) the security changes to the machine $ACCOUNT
;**********************************************$***********************

$oComputer.Put ("ntSecurityDescriptor", _ArrayCreate($secDescriptor))
$oComputer.SetInfo

;**********************************************$***********************
;* Once all parameters and permissions have been set, enable the
;* $ACCOUNT.
;**********************************************$***********************

$oComputer.AccountDisabled = 0
$oComputer.SetInfo

;**********************************************$***********************
;* Create an $ACCESS Control Entry ($ACE) that gives the specified user
;* or group full control on the machine $ACCOUNT
;**********************************************$***********************

_WriteLog ("The command completed successfully.")

;*****************
;* End Script
;*****************

thx everyone and have a good day

arcker

[arcker]

ok the problem is on the line :

$oComputer.Put ("userAccountControl", $lFlag)

the $lflag doesn't seem to work, so it would be due to the affectation

in vb, it was :

Const UF_ACCOUNTDISABLE = &H2

but how to define it in autoit ? it's a flag so it's special.

when i remove the line the script works perfectly, so it's my ,last problem, snif...

[Jos]

Try:

Const $UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
Const $UF_ACCOUNTDISABLE = 0x2
Const $UF_PASSWD_NOTREQD = 0x20

$lFlag = BitOR($UF_WORKSTATION_TRUST_ACCOUNT,$UF_ACCOUNTDISABLE, $UF_PASSWD_NOTREQD)

$oComputer.Put ("userAccountControl", $lFlag)

[arcker]

ok it works perfectly

but my other script to join domain works unilky under

windows xp and over. tssssss

so i will use netdom.exe

and it doesn't to exist another method