Solved

How do I create a Computer Account object in a remote domain specifying alternative credentials - VBScript / LDAP bind?

Posted on 2015-01-18
Last Modified: 2015-01-31

On Computer A in Domain A I am trying to run a vbscript which will bind to the Domain Controller B in Domain B and create a computer account specifying credentials with appropriate permissions in Domain B.

There is no trust between the domains.
The firewall only has ports 389 and 636 open between Computer A and Domain Controller B.
For this reason DNS is not an option as 53 is not open so I need to reference Domain Controller B in my LDAP bind by IP address.
Using PowerShell is not an option (2003 domain without ADMGS); it has to be VBScript.

I know I need to use OpenDSObject instead of GetObject but I cannot figure out the connection.

Once the computer account is created, all the necessary ACLs need to be created as per this MS script (for same domain)
http://support.microsoft.com/kb/315273

I have spent a few days trying to get this working, clearly I am not a scripter, really appreciate some help!
Question by:xxmp

Expert Comment

by:Ryan McCauley
ID: 40562502
This might be a bit round-about, but how is the script actually being executed? If you don't have authentication access to the domain and there's no trust set up, you won't be able to launch an application with remote credentials. However, you can do a little-known trick with the RUNAS application using the "/NETONLY" switch:

http://codebetter.com/jameskovacs/2009/10/12/tip-how-to-run-programs-as-a-domain-user-from-a-non-domain-computer/

The net effect is that the process runs as the current local user, but when accessing remote resources (like other computers or a DC), it will provide the NETONLY credentials - as long as that remote resource can use them to authenticate properly, you're good to go. In this way, you could provide credentials from your remote domain when connecting to the domain controller.

All that said, I don't know that there's any way to do this automatically from a script, as you're suggesting - you can run the script as another user by using NETONLY, but you'd still have to initiate it (and provide the password) manually.

Accepted Solution

by:xxmp
ID: 40570436
' Placeholders: replace each value before running.
strComputer = "COMPUTER NAME"
strLDAPServer = "LDAP SERVER TO CONNECT TO"
strContainer = "OU FOR COMPUTER ACCOUNT TO BE CREATED"
strUser = "USERNAME WITH PERMISSIONS TO JOIN MACHINE TO DOMAIN"
strPass = "PASSWORD"

Const ADS_SECURE_AUTHENTICATION = 1
' Declared in the original post; not passed to OpenDSObject below.
Const ADS_SERVER_BIND = &h0200

' Bind to the container on the named server with the supplied credentials.
Set dso = GetObject("LDAP:")
Set objContainer = dso.OpenDSObject("LDAP://" & strLDAPServer & "/" & strContainer, strUser, strPass, ADS_SECURE_AUTHENTICATION)

' Create the computer object; 4096 is the WORKSTATION_TRUST_ACCOUNT flag.
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", 4096
objComputer.SetInfo

WScript.Quit

Author Closing Comment

by:xxmp
ID: 40581251
Through trial and error, found this to work perfectly.
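
A variant of the accepted script that keeps the bind password out of the script file and reports bind and create failures, as an added example that is not part of the original thread. The script name NewComputer.vbs, the argument order, the name check and the QuitOnError helper are assumptions of this example; the ADSI constants and attribute values are the ones declared in the accepted solution.

```vbscript
' Added example (not the poster's code). Run under cscript.exe so StdIn/StdOut exist.
' Arguments: <DC IP or name> <container DN> <computer name> <bind user>
Option Explicit
Const ADS_SECURE_AUTHENTICATION = &h1
Const ADS_SERVER_BIND = &h200                 ' path names one specific server
Const UF_WORKSTATION_TRUST_ACCOUNT = &h1000   ' 4096, same value the accepted script writes

Dim strServer, strContainer, strComputer, strUser, strPass, reName, dso, objContainer, objComputer

If WScript.Arguments.Count <> 4 Then
    WScript.Echo "Usage: cscript //nologo NewComputer.vbs <server> <containerDN> <computer> <user>"
    WScript.Quit 2
End If
strServer = WScript.Arguments(0)
strContainer = WScript.Arguments(1)
strComputer = UCase(WScript.Arguments(2))
strUser = WScript.Arguments(3)

' Accept only NetBIOS-style names so nothing unexpected lands in the RDN or sAMAccountName.
Set reName = New RegExp
reName.Pattern = "^[A-Z0-9][A-Z0-9-]{0,14}$"
If Not reName.Test(strComputer) Then
    WScript.Echo "Rejected computer name: " & strComputer
    WScript.Quit 2
End If

' Ask for the password at run time; ReadLine echoes the typed characters to the console.
WScript.StdOut.Write "Password for " & strUser & ": "
strPass = WScript.StdIn.ReadLine

On Error Resume Next
Set dso = GetObject("LDAP:")
Set objContainer = dso.OpenDSObject("LDAP://" & strServer & "/" & strContainer, _
    strUser, strPass, ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
QuitOnError "Bind to " & strServer
strPass = ""   ' drop the password as soon as the bind has been attempted
Set objComputer = objContainer.Create("computer", "CN=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo
QuitOnError "Create CN=" & strComputer
WScript.Echo "Created " & objComputer.ADsPath

' Err keeps the last failure under On Error Resume Next; stop with a non-zero exit code.
Sub QuitOnError(strStep)
    If Err.Number <> 0 Then
        WScript.Echo strStep & " failed: 0x" & Hex(Err.Number) & " " & Err.Description
        WScript.Quit 1
    End If
End Sub
```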