#75216 - 2003-05-30 02:17 AM JoinAD KiXforms script to move computers into Active Directory
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
This script is a KiXforms script created to help desktop support
people to Move computers into the Active Directory under a specific
OU container.

You can easily modify the OU paths to your specific Network requirements to use in your environment.

UPDATED CODE June 10, 2003

Requirements to run this script:
1. Active Directory (can run script for testing without AD)
2. KiXtart v4.x (preferred v4.21)
3. KiXforms v2.3.0 Beta 2 http://www.kixforms.com/assets/index.htm
4. NETDOM.EXE from Microsoft

NOTE NETDOM does not support NT 4 well for moving to
a specific OU in Active Directory

Description of Netdom.exe Syntax and Versions
http://support.microsoft.com/default.aspx?scid=kb;en-us;329721

Obtaining the NETDOM.EXE utility from Microsoft
The document - Best Practices: Active Directory Forest Recovery
Download the documentation archive which contains the NETDOM.EXE utility for 2000
file version 5.2.3687.0 (Friday, September 27, 2002, 8:38:06 PM)
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=3EDA5A79-C99B-4DF9-823C-933FEBA08CFE

Here is a screen shot of how it currently looks

JoinAD


; *** File Name: frmJoinAD.kix
; *** Date Created: 2003-05-22 15:00 PST - By Ron Lewis
; *** Comments: This script is used to MOVE 2000/XP Workstations into an
; *** Active Directory. Currently does not support a Computer RENAME but
; *** you should be able to easily add that functionality.


; *************** REVISION HISTORY ***************
; 01.04 *** 2003-06-10 18:35 PST - By Ron Lewis
; Corrected invalid error return. Added passing a parameter to function ShowResults
; 01.03 *** 2003-06-02 14:25 PST - By Ron Lewis
; Corrected invalid path for OU
; 01.02 *** 2003-05-29 15:30 PST - By Ron Lewis
; Enabled check for blank computer name
; 01.01 *** 2003-05-22 16:55 PST - By Ron Lewis
; Updated to install and run from UNC batch call
; 01.00 *** 2003-05-22 15:00 PST - By Ron Lewis
; Original Release

Break On
DIM $nul
IF @PRODUCTTYPE="Windows XP Professional" OR @PRODUCTTYPE="Windows 2000 Professional"
IF LocalAdmin
IF EXIST('%WINDIR%\SYSTEM32\KIXFORMS.DLL')
SHELL '%COMSPEC% /C %WINDIR%\SYSTEM32\regsvr32.exe %WINDIR%\SYSTEM32\KIXFORMS.DLL /U /S'
DEL('%WINDIR%\SYSTEM32\KIXFORMS.DLL')
ENDIF
COPY '@SCRIPTDIR\kixforms.dll' '%WINDIR%\SYSTEM32\'
SLEEP 2
SHELL '%COMSPEC% /C %WINDIR%\SYSTEM32\regsvr32.exe %WINDIR%\SYSTEM32\KIXFORMS.DLL /S'

$ScriptVersion=" v1.0"
$Form = CreateObject("Kixtart.Form")
$Form.Text = "Move Computer into Active Directory"
$Form.FontName = "Tahoma"
$Form.FontSize = 10
$Form.ClientSize = 640,480 ;370,380
$Form.BackColor = &E5A88A
$Form.FontName = "Arial"
$Form.FontSize = 8
$Form.Icon = "%WINDIR%\System32\shell32.dll;48"

$ImageList = $Form.ImageList
$ImageList.ImageSize = 32,32
$ImageList.Images.Add($Form.SmallImageList.Images(12))
$ImageList.Images.Add($Form.SmallImageList.Images(9))

$FrameBanner = $Form.PictureBox
$FrameBanner.BackColor = $Form.RGB(138,168,229)
$FrameBanner.Height = 70
$FrameBanner.Left = 440
$FrameBanner.Top = 0
$FrameBanner.Width = 70
$FrameBanner.BorderStyle= 0


$PictureBanner = $FrameBanner.Image
$PictureBanner.Picture = "%WINDIR%\System32\shell32.dll;14"
$PictureBanner.Height = 60
$PictureBanner.Left = 2
$PictureBanner.Top = 2
$PictureBanner.Width = 60


$Form.FillStyle = 1
$Form.FillColor = &B24801
$Form.Rectangle(0,0,440,$Form.ClientHeight-20)
$Form.ForeColor = &E5A88A+&151515
$Form.FontBold = True
$Form.FontSize = 10

$Form.PrintXY(5,10,"Computer:")
$Form.PrintXY(5,60,"Domain\UserID:")
$Form.PrintXY(5,110,"Password:")
$Form.PrintXY(5,165,"Select OU Container:")
$Form.PrintXY(5,380,"Status:")

$Form.FontName = "arial"
$Form.FontSize = 20
$Form.FontItalic = True
$Form.FontBold = True
$Form.ForeColor = &E3A17A+&151515
$Form.PrintXY(517,17,"Join AD")
$Form.ForeColor = &E3A17A-&151515
$Form.PrintXY(515,15,"Join AD")

$Form.FontSize = 12
$Form.PrintXY(540,45,$ScriptVersion)
$Form.ForeColor = Gray
$Form.FontSize = 10
$Form.PrintXY(445,70,"Migration Script by Ron Lewis")
$Form.ForeColor = BLACK
$Form.FontSize = 10
$Form.FontBold = False
$Form.FontItalic = False
$Form.PrintXY(445,110,"1: Enter Domain and User ID")
$Form.PrintXY(445,130,"2: Enter password")
$Form.PrintXY(445,150,"3: Select OU container")
$Form.PrintXY(445,170,"4: Click Move Computer")

$txtArea = $Form.ComboBox
$txtArea.Bounds = 3,185,348,150
$txtArea.Style = 1
$txtArea.DropDownWidth = 348
$OU1="Computers OU in FINANCE"
$OU2="Computers OU in GRAPHICS"
$OU3="Computers OU in ENTERTAINMENT"
$txtArea.AddItem($OU1)
$txtArea.AddItem($OU2)
$txtArea.AddItem($OU3)

$Computer = $Form.TextBox
$Computer.FontSize = 12
$Computer.Top = 30
$Computer.Left = 3
$Computer.Right = 350
$Computer.Height = 30
$Computer.BorderStyle = 4
$Computer.Text = @WKSTA
$Computer.FontName = "Courier New"

$Userid = $Form.TextBox
$Userid.FontSize = 12
$Userid.Top = 80
$Userid.Left = 3
$Userid.Right = 350
$Userid.Height = 30
$Userid.BorderStyle = 4
$Userid.Text = @DOMAIN+'\'+@USERID
$Userid.FontName = "Courier New"

$UserPass = $Form.TextBox
$UserPass.FontSize = 12
$UserPass.Top = 130
$UserPass.Left = 3
$UserPass.Right = 350
$UserPass.Height = 30
$UserPass.BorderStyle = 4
$UserPass.PasswordChar = "*"
$UserPass.Text = ""
$UserPass.FontName = "Courier New"

$Move = $Form.ToolButton
$Move.Alignment = 2
$Move.FlatStyle = 1
$Move.left = 455
$Move.top = 366
$Move.width = 85
$Move.height = 85
$Move.text = "&Move@crlfComputer"
$Move.Icon = $ImageList.Images(0)
$Move.border = 3
$Move.ToolTip = "Moves current computer into the Active Directory"
$Move.BackColor = 212,208,200
$Move.OnClick = "Message()"

$Quit = $Form.ToolButton
$Quit.Alignment = 2
$Quit.FlatStyle = 1
$Quit.left = 540
$Quit.top = 366
$Quit.width = 85
$Quit.height = 85
$Quit.text = "E&xit"
$Quit.Icon = $ImageList.Images(1)
$Quit.border = 3
$Quit.ToolTip = "Exits application without further prompting"
$Quit.BackColor = 212,208,200
$Quit.OnClick = "Quit()"

$Status = $Form.Label
$Status.Left = 0
$Status.Top = $Form.ClientHeight-20
$Status.Height = 20
$Status.Right = $Form.ClientWidth
$Status.BackColor = 212,208,200
$Status.Forecolor = Gray
$Status.BorderStyle = 5
$Status.Text = " Powered by Kixtart "+@KIX+" and Kixforms "+$Form.Version

Dim $StringUsername
Dim $StringPassword

$Form.Center
$Form.Show
While $Form.Visible
$=Execute($Form.DoEvents)
Loop

Exit 1
ELSE
$nul = MESSAGEBOX("You must be logged on with Administrator rights to use this tool. ", "Insufficient Rights", 16)
EndIF
ELSE
$nul = MESSAGEBOX("Only Windows 2000/XP supported. Please use another method to add NT 4.0 systems. ", "Unsupported OS", 16)
EXIT 199
ENDIF

Function Message()
  DIM $err2
  ; Validate each input field before building the netdom command
  IF $Computer.Text = ""
    $err2= $Form.MsgBox("You must specify a valid Computer name before clicking Move Computer.", "Invalid Computer name",16)
    $Computer.Text = @WKSTA
    EXIT Sub
  ELSE
    $Computer.Text = $Computer.Text
  ENDIF

  IF $Userid.Text = ""
    $err2= $Form.MsgBox("You must specify a Domain and User ID before clicking Move Computer.", "Invalid Username",16)
    $Userid.Text = $StringUsername
    Exit Sub
  Else
    $StringUsername = $Userid.Text
  EndIf

  If $UserPass.Text = ""
    $err2= $Form.MsgBox("You must specify a password before clicking Move Computer.", "Invalid Password",16)
    $UserPass.Text = $StringPassword
    Exit Sub
  Else
    $StringPassword = $UserPass.Text
  EndIf
  SelectOU
EndFunction


Function SelectOU()
  DIM $Action, $err
  $Action="MOVE"
  ; Each case maps the selected OU to a domain and OU path.
  ; The password typed into the form is passed to netdom.exe on the command line (/PD:).
  Select
    Case $txtArea.text=""
      $err=$Form.MsgBox("Please select a valid OU and try again","Invalid OU Container Selected",16)
    Case $txtArea.text=$OU1
      $MoveComp='netdom.exe $Action @wksta /d:businessone.home.company.com /ud:$StringUsername /PD:$StringPassword /ou:ou=computers,ou=businessone,ou=home,dc=company,dc=com /REBOOT'
      SHELL $MoveComp
      ShowResults(@ERROR,@SERROR)
    Case $txtArea.text=$OU2
      $MoveComp='netdom.exe $Action @wksta /d:businesstwo.home.company.com /ud:$StringUsername /PD:$StringPassword /ou:ou=computers,ou=businesstwo,ou=home,dc=company,dc=com /REBOOT'
      SHELL $MoveComp
      ShowResults(@ERROR,@SERROR)
    Case $txtArea.text=$OU3
      $MoveComp='netdom.exe $Action @wksta /d:businessthree.home.company.com /ud:$StringUsername /PD:$StringPassword /ou:ou=computers,ou=businessthree,ou=home,dc=company,dc=com /REBOOT'
      SHELL $MoveComp
      ShowResults(@ERROR,@SERROR)
    CASE 1
      $err=$Form.MsgBox($txtArea.Text +"There was an unexpected error. Please verify all information and try again","Unexpected Error",16)
  EndSelect
EndFunction

; Shows the netdom return code and error text in a text box on the form
Function ShowResults($ERROR,$SERROR)
  $Message = $Form.TextBox
  $Message.FontSize = 10
  $Message.Top = 400
  $Message.Left = 3
  $Message.Right = 440
  $Message.Height = 50; 200
  $Message.MultiLine = True
  $Message.BorderStyle = 0
  $Message.ScrollBars = 2
  $Message.FontName = "Courier New"
  $Message.Text = "Computer move result: "+$ERROR+' '+$SERROR
EndFunction

; Non-zero when the current user is in the local Administrators group (well-known SID S-1-5-32-544)
function LocalAdmin()
  $LocalAdmin=ingroup('@wksta\'+sidtoname('S-1-5-32-544'))-1+@inwin
endfunction


[ 11. June 2003, 04:24: Message edited by: NTDOC ]
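Added example, not part of the original post or of NTDOC's script: SelectOU() hands the typed password to netdom.exe as a /PD: argument, so it is present in the process command line. The Python sketch below reviews exported command lines for netdom calls that carry a literal password and redacts the value in the evidence it keeps. The "host|command line" record format, the function names and the sample records are assumptions constructed for this example.

```python
import re

# Password switches netdom accepts; /ud: and /PD: are the forms the script above uses.
PASS_SWITCH = re.compile(r'(?i)(/(?:pd|passwordd|po|passwordo):)("[^"]*"|\S+)')
USER_SWITCH = re.compile(r'(?i)/(?:ud|userd):("[^"]*"|\S+)')
IS_NETDOM = re.compile(r'(?i)(?:^|[\\/\s"])netdom(?:\.exe)?(?=[\s"]|$)')

# Constructed records in a hypothetical "host|command line" export format.
SAMPLE_RECORDS = [
    r'WS-0142|netdom.exe MOVE WS-0142 /d:businessone.home.company.com /ud:CORP\jdoe /PD:Example-Pass1 /REBOOT',
    r'WS-0143|"C:\Tools\netdom.exe" join WS-0143 /d:businesstwo.home.company.com /ud:CORP\jdoe /pd:*',
    r'WS-0144|ipconfig /all',
]

def review_command_line(cmdline):
    """Return (redacted command line, finding or None) for one process command line."""
    if not IS_NETDOM.search(cmdline):
        return cmdline, None
    # "*" as the password value makes netdom prompt instead of reading it from the arguments
    literal = [m.group(1).lower() for m in PASS_SWITCH.finditer(cmdline)
               if m.group(2).strip('"') != "*"]
    redacted = PASS_SWITCH.sub(
        lambda m: m.group(1) + ("*" if m.group(2).strip('"') == "*" else "<redacted>"),
        cmdline)
    if not literal:
        return redacted, None
    user = USER_SWITCH.search(cmdline)
    return redacted, {"issue": "netdom-literal-password",
                      "account": user.group(1).strip('"') if user else "",
                      "switches": literal}

def scan_records(records):
    """Review each "host|command line" record; return findings with redacted evidence."""
    findings = []
    for record in records:
        host, _, cmdline = record.partition("|")
        redacted, finding = review_command_line(cmdline)
        if finding:
            findings.append({"host": host, "evidence": redacted, **finding})
    return findings

if __name__ == "__main__":
    for item in scan_records(SAMPLE_RECORDS):
        print(item)
```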

#75217 - 2003-05-30 10:11 AM Re: JoinAD KiXforms script to move computers into Active Directory
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
If you look at McafeeManager you will find a function that enums AD OUs for OUs containing computers

I believe that InContainer() will return the distinguished name/AD path of a given PC and an LDAP function will move the PC without requiring the dependence on netdom

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/compmgmt/ScrCM33.asp

So basically you could either default it to look into a specific computer OU and enum all the computers in it, or search for the computer acct wherever it was and then enum all OUs with computer accounts as listbox/combobox as the destination and then a move and cancel button

combobox1: enumed list of OUs to enum computer accounts to populate combobox2
combobox2: if box1 blank then computer acct to search for or enumed list of computers in OU selected in box1
combobox3: destination OU
button1: move, check computer acct is not already in destination OU
button2: quit

In any case, good job on the kixform
_________________________
How to ask questions the smart way <-----------> Before you ask

#75218 - 2003-05-30 08:20 PM Re: JoinAD KiXforms script to move computers into Active Directory
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
Rad,

Thanks for the feedback and information. Very good suggestions which may apply to some Companies out there.

1. I think this LDAP move is only for a computer that is already in the AD.
In our case the Computer is not in AD, it is a freshly ghosted image that we are adding to the AD typically from Workgroup.
If you know or find an ADSI/WMI call that can do it without the need for NETDOM.EXE that would be cool.

2. Not sure about other Companies, but we have 100's and 100's of OUs for Computers. That is why I don't enum them.
For our business unit they typically will only go into 1 of 3 locations, so spending the time to enum all the OUs is not very efficient.
Perhaps someone that is an Enterprise Admin in our Company that might want to do this in any of the OUs might want to use the enum process.
Or smaller Companies.

3. Would really like to find a valid method to add NT 4.0 systems to the AD...
If I can use AD Users and Computers to manually add a computer to an OU and set it to be
assigned to pre-2000 then I would think I should be able to do it in script as well...
Just need to find that method. As you say, if that could be done, then wouldn't need NETDOM.EXE at all [Big Grin]

Thanks again for the feedback Rad. Good ideas.

[ 30. May 2003, 20:22: Message edited by: NTDOC ]

#75219 - 2003-05-31 01:11 AM Re: JoinAD KiXforms script to move computers into Active Directory
Richie19Rich77 Offline
Seasoned Scripter
*****

Registered: 2002-08-16
Posts: 624
Loc: London, England
Very Nice Layout, Very XP Looking [Big Grin]
#75220 - 2003-06-11 04:38 AM Re: JoinAD KiXforms script to move computers into Active Directory
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
I have updated the above code as of 06/10/2003

There were some minor errors in the code that hopefully are now fixed.

#75221 - 2003-06-27 12:38 AM Re: JoinAD KiXforms script to move computers into Active Directory
kholm Offline
Korg Regular
*****

Registered: 2000-06-19
Posts: 714
Loc: Randers, Denmark
Doc,

You could add a section like this to Sysprep.inf:
code:
[Identification]
JoinDomain=YourDomain.com
DomainAdmin=2kAddUser
DomainAdminPassword=win2kAddUser
MachineObjectOU="OU=NewPC,DC=YourDomain,DC=com"

This will only ask for the computername during install off the ghosted image, and the computer will join AD in the OU: NewPC

This of course requires that you have added the OU: NewPC
to the root of the domain, and created the user: win2kAddUser

In my domain the user: win2kAddUser
is a domain user with elevated privileges to the OU: NewPC
(win2kAddUser can add computers to OU: NewPC)
NOT a DomainAdmin as stated in the Identification section, but this is enough!

Don't be afraid of the password in plain text in sysprep.inf, because the folder: C:\Sysprep
is automatically removed during the first boot, so it's sort of paranoia to make the special user: 2kAddUser

You can now use the LDAP: move computer (Something like this)
code:
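Function MoveToOU($WS,$ToOU,$From)
  Dim $objToOU, $RC

  ; Bind to the destination OU
  $objToOU = GetObject('LDAP://' + $ToOU)
  If @Error
    Exit @Error
  EndIf
  ; MoveHere takes the ADsPath of the object to move and its new relative name
  $RC = $objToOU.MoveHere('LDAP://' + $WS + ',' + $From, $WS)
  Exit @Error
EndFunction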

Parameters for: MoveToOU()
  • $FromOU being: 'OU=NewPC,DC=YourDomain,DC=com'
  • $ToOU being ie.: 'OU=Office,OU=Department,DC=YourDomain,DC=com'
  • $WS being: 'CN=NameOfWS' (Substitute: NameOfWS with the real name of the workstation)
-Erik


Ps.
I have a serverside script that checks for computers in the OU: NewPC
and automatically moves them to the appropriate OU based on ini-files

[ 27. June 2003, 01:04: Message edited by: kholm ]
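Added example, not part of the thread and not kholm's code: a Python audit that can be pointed at a mounted image or a deployment share to report any sysprep.inf that still carries the [Identification] join credential described above, without echoing the password. The function names and finding labels are assumptions of this example, flagging a join without MachineObjectOU is an assumed policy choice, and the sample file is constructed from the values in the post.

```python
import configparser
import os

# Constructed sample built from the [Identification] values quoted in the post.
SAMPLE_INF = """\
; constructed sample, not a real deployment file
[Unattended]
OemSkipEula=Yes

[identification]
JoinDomain=YourDomain.com
DomainAdmin=2kAddUser
DomainAdminPassword=win2kAddUser
MachineObjectOU="OU=NewPC,DC=YourDomain,DC=com"
"""

def audit_answer_file(text):
    """Return findings for one answer file; the password value is never echoed."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True,
                                      comment_prefixes=(";",), delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return [{"issue": "unparseable-answer-file"}]
    findings = []
    for section in cp.sections():
        if section.lower() != "identification":  # INF section names are case-insensitive
            continue
        opts = {k: (v or "").strip().strip('"') for k, v in cp.items(section)}
        if opts.get("domainadminpassword"):
            findings.append({"issue": "plaintext-join-credential",
                             "domain": opts.get("joindomain", ""),
                             "account": opts.get("domainadmin", ""),
                             "secret_length": len(opts["domainadminpassword"])})
        if opts.get("joindomain") and not opts.get("machineobjectou"):
            findings.append({"issue": "no-machineobjectou",
                             "domain": opts["joindomain"]})
    return findings

def scan_tree(root):
    """Audit every sysprep.inf (any letter case) under a mounted image or share."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "sysprep.inf":
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    results[path] = audit_answer_file(fh.read())
    return results
```

scan_tree() returns an entry for every sysprep.inf it finds, with an empty list for files that carry no join credential.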

#75222 - 2003-06-27 01:44 AM Re: JoinAD KiXforms script to move computers into Active Directory
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
Actually ANYONE can add a computer to the AD by Microsoft's default settings. Up to 10 computers per month I think, or maybe it is 10 total.

I do like this idea though. Wonder though if/how it can be modified to be able to choose different Domains.

Thanks for the information, I'll have to look into this in the future.

#75223 - 2003-06-27 07:01 PM Re: JoinAD KiXforms script to move computers into Active Directory
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
See also KB article Domain Users Cannot Join Workstation or Server to a Domain
_________________________
There are two types of vessels, submarines and targets.

#75224 - 2003-06-27 08:34 PM Re: JoinAD KiXforms script to move computers into Active Directory
kholm Offline
Korg Regular
*****

Registered: 2000-06-19
Posts: 714
Loc: Randers, Denmark
I don't think that it is possible to use the same image for different domains, because the domain-name is used in other contexts in sysprep.inf.

Ie. in the section: params.MS_TCPIP

Example:
code:
[params.MS_TCPIP]
DNS=Yes
DNSDomain=YourDomain.com

You could overcome this by making a ghosted image before using sysprep, and then use a different sysprep.inf for each domain.
Sysprep it, and make a new ghost-image from here.
Reload the not-sysprepped image and make a new image using a different sysprep.inf for the next domain.

This way you can create a different image for each domain.

-Erik

#75225 - 2003-06-27 09:49 PM Re: JoinAD KiXforms script to move computers into Active Directory
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
The INF can also be provided on a boot floppy. That way you can have individual configs.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
