Sign in to follow this  
Followers 0
ACalcutt

Add Domain User to local group

15 posts in this topic

#1 ·  Posted (edited)

I am trying to add a domain user to a local group

based on this acticle

http://www.microsoft.com/technet/scriptcen...04/hey1008.mspx

I thought i could do this

$objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level)
$objUser = ObjGet("WinNT://" & $domain & "/" & $user)
$objGroup.Add($objUser.ADsPath)

that works for a local user, but when i try to do a domain user i get

$objGroup.Add($objUser.ADsPath)

$objGroup.Add($objUser.^ERROR

Error: Variable must be of type "Object"

I'm assuming thats because it needs my credentials to check that the user exists....how whould i provide that information?

;complete function

Func _User($action, $user, $pass="", $domain=@ComputerName, $level="")
    Select
        Case $action = "ADD"
            $objLocalComputer = ObjGet("WinNT://" & @ComputerName); Init COM object
            $objUser = $objLocalComputer.Create ("user", $user); Create user
            $objUser.SetPassword ($pass)
            $objUser.SetInfo
            _User("SET_GROUP", $user, $pass, $domain, $level)
        Case $action = "REMOVE"
;_Profile("REMOVE", $user, $domain)
            $objLocalComputer = ObjGet("WinNT://" & @ComputerName); Init COM object
            $objLocalComputer.Delete("user", $user); Delete user
        Case $action = "SET_GROUP"
            $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level)
            $objUser = ObjGet("WinNT://" & $domain & "/" & $user)
            $objGroup.Add($objUser.ADsPath)
        Case $action = "REMOVE_GROUP"
            $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level)
            $objUser = ObjGet("WinNT://" & $domain & "/" & $user)
            $objGroup.Remove($objUser.ADsPath)
    EndSelect
EndFunc;==>_User
Edited by ACalcutt

Andrew Calcutt

Http://www.Vistumbler.net

Http://www.TechIdiots.net

Its not an error, its a undocumented feature

Share this post


Link to post
Share on other sites



what error do you get when you add these lines ?

$oMyError = ObjEvent("AutoIt.Error","MyErrFunc") ; Install a custom error handler 
; <+++++ You code goes here ++++
; This is my custom error handler 
Func MyErrFunc() 
   $HexNumber=hex($oMyError.number,8) 
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
                "Number is: " & $HexNumber & @CRLF & _
                "Linenbr is: " & $oMyError.scriptline  & @CRLF & _
                "Description is: " & $oMyError.description  & @CRLF & _
                "Windescription is: " & $oMyError.windescription ) 

   SetError(1) ; something to check for when this function returns 
Endfunc

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

A friend from work helped me get it working...

i ended up with this

Func _User($action, $user, $pass="", $domain=@ComputerName, $level="")
    Select
        Case $action = "ADD"
            $objLocalComputer = ObjGet("WinNT://" & @ComputerName); Init COM object
            $objUser = $objLocalComputer.Create ("user", $user); Create user
            $objUser.SetPassword ($pass)
            $objUser.SetInfo
            _User("SET_GROUP", $user, $pass, $domain, $level)
        Case $action = "REMOVE"
            _Profile("REMOVE", $user, $domain)
            $objLocalComputer = ObjGet("WinNT://" & @ComputerName); Init COM object
            $objLocalComputer.Delete("user", $user); Delete user
        Case $action = "SET_GROUP"
            $dso = ObjGet("WinNT:")
            $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level & ",group") 
            $objUser = $dso.OpenDSObject("WinNT://" & $domain & "/" & $user,$domain & "\" & $user, $pass, 1) 
            $objGroup.Add($objUser.ADsPath)
        Case $action = "REMOVE_GROUP"
            $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level)
            $objUser = ObjGet("WinNT://" & $domain & "/" & $user)
            $objGroup.Remove($objUser.ADsPath)
    EndSelect
EndFunc ;==>_User

if i have some spare time i will see what the other code gave me as an error

Edited by ACalcutt

Andrew Calcutt

Http://www.Vistumbler.net

Http://www.TechIdiots.net

Its not an error, its a undocumented feature

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Hi!

I'm trying to use your script. It goes to en error "The requested action with this object has failed".

$level = 'Administrators'
$domain = 'domainname'
$user = 'domainadmin'
$password = 'domainpassword'
$user1 = 'username'
$dso = ObjGet("WinNT:")
$objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level & ",group") 
$objUser1 = $dso.OpenDSObject("WinNT://" & $fulldomain & "/" & $user1,$domain & "\" & $user, $password, 1) 
$objGroup.Add ($objUser1.AdsPath)

Could you please help me to reedit it?

Edited by HaeMHuK

Share this post


Link to post
Share on other sites

All Active Directory related functions can be done using the Active Directory UDF (for download please see my signature) as well.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2016-12-04 - Version 1.2.2.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

All Active Directory related functions can be done using the Active Directory UDF (for download please see my signature) as well.

Thanks for UDF. I've already created script for me based on it.

But I didn't find there what I've mentioned before.

Share this post


Link to post
Share on other sites

But I didn't find there what I've mentioned before.

That's true. The only WINNT stuff is related to the functions to join/unjoin a computer to the domain.

But with the AD UDF you can at least get the ADSPATH of the user.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2016-12-04 - Version 1.2.2.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

That's true. The only WINNT stuff is related to the functions to join/unjoin a computer to the domain.

But with the AD UDF you can at least get the ADSPATH of the user.

I don't need to add pc to domain. I just only need to add domain user to local group.

How can I do it with AD UDF?

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

#include <ad.au3>
_AD_Open()
; Get ADSPath for specified user
$user = @UserName
$sFQDN = _AD_SamAccountNameToFQDN($user)
$sADSPath = "LDAP://" & $sAD_HostServer & "/" & $sFQDN
_AD_Close()
; access group
$level = 'Administrators'
$objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level & ",group")
; Add user to group
$objGroup.Add ($sADSPath)

This example runs with the credentials of the current user. If you need a userid/password to access the AD then pass them as parameters to _AD_Open().

If you get:

Test.au3 (13) : ==> The requested action with this object has failed.:
$objGroup.Add ($sADSPath)
$objGroup.Add ($sADSPath)^ ERROR
then you're missing the necessary rights to add the user to the local group. Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2016-12-04 - Version 1.2.2.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

*****.au3 (12) : ==> The requested action with this object has failed.:

$objGroup.Add ($sADSPath)

$objGroup.Add ($sADSPath)^ ERROR

Maybe I'm doing something wrong?

I have this rights. There is something else.

Edited by HaeMHuK

Share this post


Link to post
Share on other sites

*****.au3 (12) : ==> The requested action with this object has failed.:

$objGroup.Add ($sADSPath)

$objGroup.Add ($sADSPath)^ ERROR

Maybe I'm doing something wrong?

No, I think you're just missing the necessary rights to add the user to the local group.

I tested that the $objGroup exists.

To ensure that you aren't doing anything wrong with AutoIt you could download a VB script from the internet and test.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2016-12-04 - Version 1.2.2.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

No, I think you're just missing the necessary rights to add the user to the local group.

I tested that the $objGroup exists.

To ensure that you aren't doing anything wrong with AutoIt you could download a VB script from the internet and test.

Well. After rebooting this works fine:

$dso = ObjGet("WinNT:")

$objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level & ",group")

$objUser = $dso.OpenDSObject("WinNT://" & $fulldomain & "/" & $user1,$domain & "\" & $user, $password, 1)

$objGroup.Add($objUser.ADsPath)

MsgBox(0, "111", "User added")

Sometimes it works sometimes not.

What is the reason, do you have any suggestions?

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

Sometimes it works sometimes not.

What is the reason, do you have any suggestions?

Unfortunately I have no idea. That's not my area of expertise :x Anyone else? Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2016-12-04 - Version 1.2.2.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Try in cmd :

"Net localgroup administrators domain\user /add"

If this works just RUNDOS it with autoit.

Share this post


Link to post
Share on other sites

Guys, nevermind. Now works fine!

Thanks a lot for help.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0