
How do I run a VBScript as Domain Admin

Asked by Randy Rich
Active Directory, OS Security, VB Script
7 Comments, 1 Solution, 1642 Views
I am trying to run a Group Policy log-on script that will identify if a computer is a laptop and place it in a group named "Laptops".  The script works great if you run it as a Domain Admin but fails with permissions errors if a Domain User runs it (I expected this considering it is trying to create and/or modify an AD group).  What I need to know is how do you run a VBScript as an Admin?  I have posted the code I have so far.
Option Explicit
 
Dim strComputer, strChassisType
Dim colChassis
Dim objWMIService, objChassis
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colChassis = objWMIService.ExecQuery _
    ("Select * from Win32_SystemEnclosure")
For Each objChassis In colChassis
    For Each strChassisType In objChassis.ChassisTypes
        Select Case strChassisType
            ' Chassis types this script treats as laptops
            Case 8, 9, 10, 11, 12, 13, 14
                AddToGroup "Laptops"
        End Select
    Next
Next
 
Sub AddToGroup(groupName)
	On Error Resume Next
	
	' Create the group if it does not exist. If it already exists, CreateGroup hits an error,
	' which its own "On Error Resume Next" handling reports without stopping the script.
	CreateGroup groupName
	
	Dim objSysInfo, objComputer, strComputerDN
	Dim objComputerGroup
 
	' Retrieve DN
	Set objSysInfo = CreateObject("ADSystemInfo")
	strComputerDN = objSysInfo.ComputerName
 
	' Bind computer object.
	Set objComputer = GetObject("LDAP://" & strComputerDN)
 
	' Bind to groups. You must specify the full Distinguished Names.
	Set objComputerGroup = GetObject("LDAP://CN=" & groupName & ",OU=Domain Clients,DC=highlandclinic,DC=com")
 
	' Add the computer to the group if it is not already a member.
	If (objComputerGroup.IsMember(objComputer.AdsPath) = False) Then
		objComputerGroup.Add(objComputer.AdsPath)
	End If
	
	If Err.Number <> 0 Then
		Dim strError
		strError = "An error occurred when trying to add this computer to the " & groupName & " group."
		ErrorMessage(strError)
		Exit Sub
	End If
End Sub
 
 
Sub CreateGroup(groupName)
	On Error Resume Next
	
	Dim strOU, strDNSDomain, strNewGp, strNewGpLong
	Dim objOU, objGroup, objRootDSE
 
	'  Check - Make sure you have the OU referenced by strOU
	strOU = "OU=Domain Clients,"
	strNewGp = groupName
	strNewGpLong = "CN=" & strNewGp
 
	Set objRootDSE = GetObject("LDAP://RootDSE")
	strDNSDomain = objRootDSE.Get("DefaultNamingContext")
 
	'  Create new Group
	Set objOU = GetObject("LDAP://" & strOU & strDNSDomain )
	Set objGroup = objOU.Create("Group",strNewGpLong)
	objGroup.Put "sAMAccountName", strNewGp
	objGroup.setInfo
	
	If Err.Number <> 0 Then
		Dim strError
		strError = "An error occurred when trying to create the " & groupName & " group."
		ErrorMessage(strError)
		Exit Sub
	End If
End Sub
 
 
 
Sub ErrorMessage(strError)
 
	Dim strMessage
	Dim strContactMessage
	strContactMessage = "If you require assistance, please contact IT Support."
 
	strMessage = strError & VbCrLf & VbCrLf & _
    "Error: " & Err.Number & VbCrLf & _
    "Error (Hex): " & Hex(Err.Number) & VbCrLf & _
    "Source: " &  Err.Source & VbCrLf & _
    "Description: " &  Err.Description & VbCrLf & _
    strContactMessage & VbCrLf & VbCrLf & _
    "Script will now continue to execute..."
    
    Err.Clear
    Wscript.Echo strMessage
End Sub