Vbscript 2017-03-23
MCSE note: this is actually a program written against ADSI (Active Directory Services Interface). If you have the Resource Kit installed, the same job can be done with the netdom command. Here is a netdom example:
NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /ADD
The code is as follows:
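'***********************
'* Start Script
'***********************
Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag
Dim secDescriptor, dACL, ACE, oComputer, sPwd

'*********************************************************************
'* Declare constants used in defining the default location for the
'* machine account, flags to identify the object as a machine account,
'* and security flags
'*********************************************************************
Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000
Const UF_ACCOUNTDISABLE = &H2
Const UF_PASSWD_NOTREQD = &H20
Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Const ADS_ACEFLAG_INHERIT_ACE = 2

'*********************************************************************
'* Set the flags on this object to identify it as a machine account
'* and determine the name. The name is used statically here, but may
'* be determined by a command line parameter or by using an InputBox
'*********************************************************************
lFlag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD
sComputerName = "TestAccount"

'*********************************************************************
'* Establish a path to the container in the Active Directory where
'* the machine account will be created. In this example, this will
'* automatically locate a domain controller for the domain, read the
'* domain name, and bind to the default "Computers" container
'*********************************************************************
Set rootDSE = GetObject("LDAP://RootDSE")
'* Well-known GUID (WKGUID) binding: resolves the Computers container
'* from its GUID and the domain's default naming context
sPath = "LDAP://<WKGUID=" & ADS_GUID_COMPUTRS_CONTAINER & "," & _
        rootDSE.Get("defaultNamingContext") & ">"
Set computerContainer = GetObject(sPath)
'* Rebind through the container's distinguished name
sPath = "LDAP://" & computerContainer.Get("distinguishedName")
Set computerContainer = GetObject(sPath)

'*********************************************************************
'* Here, the computer account is created. Certain attributes must
'* have a value before calling .SetInfo to commit (write) the object
'* to the Active Directory
'*********************************************************************
Set oComputer = computerContainer.Create("computer", "CN=" & sComputerName)
oComputer.Put "samAccountName", sComputerName & "$"
oComputer.Put "userAccountControl", lFlag
oComputer.SetInfo

'*********************************************************************
'* Establish a default password for the machine account
'* (derived from the account name, so it is predictable)
'*********************************************************************
sPwd = sComputerName & "$"
sPwd = LCase(sPwd)
oComputer.SetPassword sPwd

'*********************************************************************
'* Specify which user or group may activate/join this computer to the
'* domain. In this example, "MYDOMAIN" is the domain name and
'* "JoeSmith" is the account being given the permission. Note that
'* this is the downlevel naming convention used in this example.
'*********************************************************************
sUserOrGroup = "MYDOMAIN\joesmith"

'*********************************************************************
'* Bind to the Discretionary ACL on the newly created computer account
'* and create an Access Control Entry (ACE) that gives the specified
'* user or group full control on the machine account
'*********************************************************************
Set secDescriptor = oComputer.Get("ntSecurityDescriptor")
Set dACL = secDescriptor.DiscretionaryAcl
Set ACE = CreateObject("AccessControlEntry")

'*********************************************************************
'* An AccessMask of "-1" grants Full Control
'*********************************************************************
ACE.AccessMask = -1
ACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
ACE.AceFlags = ADS_ACEFLAG_INHERIT_ACE

'*********************************************************************
'* Grant this control to the user or group specified earlier.
'*********************************************************************
ACE.Trustee = sUserOrGroup

'*********************************************************************
'* Now, add this ACE to the DACL on the machine account
'*********************************************************************
dACL.AddAce ACE
secDescriptor.DiscretionaryAcl = dACL

'*********************************************************************
'* Commit (write) the security changes to the machine account
'*********************************************************************
oComputer.Put "ntSecurityDescriptor", Array(secDescriptor)
oComputer.SetInfo

'*********************************************************************
'* Once all parameters and permissions have been set, enable the
'* account.
'*********************************************************************
oComputer.AccountDisabled = False
oComputer.SetInfo

'*********************************************************************
'* Report completion
'*********************************************************************
WScript.Echo "The command completed successfully."

'*****************
'* End Script
'*****************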
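
An added audit example (not part of the original script or of the Resource Kit): the creation script sets UF_PASSWD_NOTREQD and grants a trustee full control, so this VBScript lists the computer accounts that still carry that flag and prints the explicit full-control ACEs on each one. It assumes it is run with cscript by an account that can read the directory; the page size of 500 and the FULL_CONTROL constant name are choices made for this example.

```vbscript
' Added example, not part of the original script.
Option Explicit
Const UF_ACCOUNTDISABLE = &H2
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Const ADS_ACEFLAG_INHERITED_ACE = &H10
Const FULL_CONTROL = &HF01FF   ' full-control access mask on a directory object

Dim rootDSE, oConn, oCmd, oRS, sDN, sState, oComp, oACE

Set rootDSE = GetObject("LDAP://RootDSE")
Set oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOObject"
oConn.Open "Active Directory Provider"
Set oCmd = CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Page Size") = 500   ' page the results so large domains are fully listed

' 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; 32 = UF_PASSWD_NOTREQD (&H20)
oCmd.CommandText = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">;" & _
    "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=32));" & _
    "sAMAccountName,userAccountControl,distinguishedName;subtree"

Set oRS = oCmd.Execute
Do Until oRS.EOF
    sDN = oRS.Fields("distinguishedName").Value
    If (oRS.Fields("userAccountControl").Value And UF_ACCOUNTDISABLE) <> 0 Then
        sState = "disabled"
    Else
        sState = "ENABLED"
    End If
    WScript.Echo oRS.Fields("sAMAccountName").Value & " [" & sState & "] " & sDN

    ' A "/" inside a distinguished name must be escaped in an ADsPath
    Set oComp = GetObject("LDAP://" & Replace(sDN, "/", "\/"))
    For Each oACE In oComp.Get("ntSecurityDescriptor").DiscretionaryAcl
        ' Report allow ACEs set directly on the object (not inherited) with full control
        If oACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED _
           And (oACE.AceFlags And ADS_ACEFLAG_INHERITED_ACE) = 0 _
           And (oACE.AccessMask And FULL_CONTROL) = FULL_CONTROL Then
            WScript.Echo "    explicit full control: " & oACE.Trustee
        End If
    Next
    oRS.MoveNext
Loop
oConn.Close
```

Administrative groups can also show up as full-control trustees; the entries worth reviewing are individual users or delegated groups such as the one named in sUserOrGroup.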