Solved

vbscript: need coding help/advice for AD computer account management script

Posted on 2011-03-10
Last Modified: 2012-05-11
I have the following script which I run after deploying a new machine to the domain.  This script does three things:

1.  joins computer to domain,
2.  changes computername to SerialNum in BIOS (i.e. Dell Service Tag#)
3.  adds Domain Users to local Administrators group

Here is the script -

'
' JoinDomainAndRename.vbs | Updated 03/27/2009 Stephen White 
' 
'    Joins computer to domain, changes computername to SerialNum in BIOS
'    and adds Domain Users to local Administrators group
'    with no output unless there is an error condition 
'
'==========================================================================

Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144

Dim message
Dim IP

strDomain = "altasens.com"
strUser = InputBox("Enter Username","Join Domain")
strPassword = InputBox("Enter Password","Join Domain")

If strUser="" or strPassword="" Then

	MsgBox "ERROR: No Username or Password provided", vbCritical
	WScript.Quit(0)

End If


'==========================================================================


' === Get computername
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
 
Set objWMIService = GetObject ("winmgmts:" & "!\\" & strComputer & "\root\cimv2")
Set colAdapters = objWMIService.ExecQuery ("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled = True")

newComputerName = GetSerial

If newComputerName = "" Then

    MsgBox "ERROR: Can't determine Service Tag",vbCritical
    WScript.Quit(0)

End If


' === Join to domain with existing computername

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)

If ReturnValue <> 0 Then
    MsgBox "ERROR: Can't join domain",vbCritical
    WScript.Quit(0)
End If


' === Rename domain computer account

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colComputers = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")


For Each objComputer in colComputers

    ErrCode = objComputer.Rename(newComputerName, strPassword, strUser)
    
    If ErrCode <> 0 Then

        MsgBox "ERROR: Can't rename domain computer account",vbCritical
        WScript.Quit(0)

    End If

Next


' === Add Domain Users to local Administrators group

strComputer = "."
Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objDomainGroup = GetObject("WinNT://Altasens/Domain Users")
objLocalGroup.Add(objDomainGroup.ADsPath)


WScript.Quit(0)

'==========================================================================

Function GetSerial()

' Returns the BIOS serial number (Dell Service Tag), or "" if the WMI query fails
On Error Resume Next
Dim objWMI : Set objWMI = GetObject("winmgmts:")
Dim colSettingsComp : Set colSettingsComp = objWMI.ExecQuery("Select * from Win32_ComputerSystem")
Dim colSettingsBios : Set colSettingsBios = objWMI.ExecQuery("Select * from Win32_BIOS")
Dim objComputer
For Each objComputer in colSettingsBios
  GetSerial = Trim(objComputer.SerialNumber)
Next
On Error Goto 0

End Function




I run into an issue when re-deploying a system when that computer account already exists in the domain.  Can anyone provide some guidance on how to code around this issue?  I'm looking at the FJoinOptions constants and wondering if the key is in these:

1 (0x1) Default. Joins a computer to a domain. If this value is not specified, the join is a computer to a workgroup.
2 (0x2) Creates an account on a domain.
4 (0x4) Deletes an account when a domain exists.
16 (0x10) The join operation is part of an upgrade from Windows 98 or Windows 95 to Windows 2000 or Windows NT.
32 (0x20) Allows a join to a new domain, even if the computer is already joined to a domain.
 
Does anyone have any experience with this?

Thanks in advance for the help!
 


 
Question by:AltaSens
7 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 35102514
What's your issue? Do you get an error?

Maybe you could try this:

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, strDomain & "\" & strUser, NULL, JOIN_DOMAIN + ACCT_CREATE)

If ReturnValue <> 0 Then
    ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, strDomain & "\" & strUser, NULL, JOIN_DOMAIN)
    If ReturnValue <> 0 Then
        MsgBox "ERROR: Can't join domain",vbCritical
        WScript.Quit(0)
    End If
End If



Regards,

Rob.
0
 

Author Comment

by:AltaSens
ID: 35105602
Hey Rob -   Ok, I think I follow...

So the first step is to try to join domain and create a computer account, then if that fails, try again to join domain using an existing computer account...is that right?

0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35105820
Yes, in theory.  I haven't tried it that way, but fingers crossed.

Rob.
0
 

Author Comment

by:AltaSens
ID: 35142413
This doesn't seem to work.

Can anyone shed some light on the bitflags used by this method, specifically:

2 (0x2) Creates an account on a domain.
4 (0x4) Deletes an account when a domain exists.
32 (0x20) Allows a join to a new domain, even if the computer is already joined to a domain.


For #4, does this mean that the method will delete this account if it already exists in the domain?   If used in conjunction with #2, does it delete the account before recreating it?

For #32, is this intended to be used when moving a computer from one domain to another?  Or could this work for my needs, re-deploying a system when that computer account already exists in the domain?

0
 
LVL 65

Accepted Solution

by:RobSampson
ID: 35144417
I would have thought that 0x4 would delete the account from the domain when moving from a domain to a workgroup.
0x32 might help you but it might require that you specify a different domain, and not the current one.

What might work is if you specify a workgroup name, using the 0x4 parameter, then join the domain, using 0x1 + 0x2.

So, in theory (I can't test it at the moment), that would be
ReturnValue = objComputer.JoinDomainOrWorkGroup("WORKGROUPNAME", strPassword, strDomain & "\" & strUser, NULL, ACCT_DELETE)

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, strDomain & "\" & strUser, NULL, JOIN_DOMAIN + ACCT_CREATE)
If ReturnValue <> 0 Then
    MsgBox "ERROR: Can't join domain",vbCritical
    WScript.Quit(0)
End If



Regards,

Rob.
0
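
Added example, not part of any post in this thread: the scripts above report every failure as "Can't join domain" and discard ReturnValue, which hides why a re-deployed machine fails to join. The sketch below decodes the FJoinOptions value and translates the return code; the function names are hypothetical, and the code table assumes the method returns standard Win32 / network-management error numbers.

```vbscript
Option Explicit

' Bit values and names are the constants declared in the question's script.
Function DescribeJoinOptions(lngOptions)
    Dim arrBits, arrNames, i, strOut
    arrBits = Array(1, 2, 4, 16, 32, 64, 128, 256, 262144)
    arrNames = Array("JOIN_DOMAIN", "ACCT_CREATE", "ACCT_DELETE", _
        "WIN9X_UPGRADE", "DOMAIN_JOIN_IF_JOINED", "JOIN_UNSECURE", _
        "MACHINE_PASSWORD_PASSED", "DEFERRED_SPN_SET", "INSTALL_INVOCATION")
    strOut = ""
    For i = 0 To UBound(arrBits)
        ' Test each bit separately so combined values such as 1 + 2 are split out
        If (lngOptions And arrBits(i)) <> 0 Then
            If strOut <> "" Then strOut = strOut & " + "
            strOut = strOut & arrNames(i)
        End If
    Next
    If strOut = "" Then strOut = "(no flags: workgroup join)"
    DescribeJoinOptions = strOut
End Function

' Assumption: return values are Win32 error numbers; only common ones are listed.
Function DescribeJoinError(lngCode)
    Select Case lngCode
        Case 0    : DescribeJoinError = "Success"
        Case 5    : DescribeJoinError = "Access is denied"
        Case 1326 : DescribeJoinError = "Logon failure: unknown user name or bad password"
        Case 1355 : DescribeJoinError = "The specified domain does not exist or could not be contacted"
        Case 2224 : DescribeJoinError = "The account already exists"
        Case 2691 : DescribeJoinError = "The machine is already joined to the domain"
        Case 2692 : DescribeJoinError = "The machine is not currently joined to a domain"
        Case Else : DescribeJoinError = "Not in this table; run: net helpmsg " & lngCode
    End Select
End Function

' Builds the text to show instead of a bare "Can't join domain"
Function ExplainJoin(lngOptions, lngReturn)
    ExplainJoin = "FJoinOptions " & lngOptions & " = " & _
        DescribeJoinOptions(lngOptions) & vbCrLf & _
        "Return value " & lngReturn & ": " & DescribeJoinError(lngReturn)
End Function

' Constructed sample: a JOIN_DOMAIN + ACCT_CREATE attempt answered with 2224
WScript.Echo ExplainJoin(1 + 2, 2224)
```

Passing ReturnValue and the flags actually used to ExplainJoin in each MsgBox call shows which of the cases discussed in this thread occurred.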
 

Author Closing Comment

by:AltaSens
ID: 35381034
Thanks for the help!
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35381055
No worries. I hope it worked out.

Regards,

Rob.
0
