Trying to convert over the VBS Script from Microsoft and I ran this through Jooel's VBS2KIX script and it looks pretty good..
The basis of this code is from - http://support.microsoft.com/default.aspx?scid=KB;en-us;q222525
Code:
cls
break on
;***********************
;* Start Script
;***********************
Dim $sComputerName,$sUserOrGroup,$sPath,$computerContainer,$rootDSE,$lFlag
Dim $secDescriptor,$dACL,$ACE,$oComputer,$sPwd
;*********************************************************************
;* Declare constants used in defining the default location for the
;* machine account, flags to identify the object as a machine account,
;* and security flags
;*********************************************************************
$UF_WORKSTATION_TRUST_ACCOUNT=+H1000
$UF_ACCOUNTDISABLE=+H2
$UF_PASSWD_NOTREQD=+H20
$ADS_GUID_COMPUTRS_CONTAINER="aa312825768811d1aded00c04fd8d5cd"
$ADS_ACETYPE_ACCESS_ALLOWED=0
$ADS_ACEFLAG_INHERIT_ACE=2
;*********************************************************************
;* $the flags on this object to identify it as a machine account
;* and determine the name. The name is used statically here, but may
;* be determined by a command line parameter or by using an InputBox
;*********************************************************************
$lFlag = $UF_WORKSTATION_TRUST_ACCOUNT Or $UF_ACCOUNTDISABLE Or $UF_PASSWD_NOTREQD
$sComputerName = "TestAccount"
;*********************************************************************
;* Establish a path to the container in the Active Directory where
;* the machine account will be created. In this example, this will
;* automatically locate a domain controller for the domain, read the
;* domain name, and bind to the default "Computers" container
;*********************************************************************
$rootDSE = GetObject("LDAP://RootDSE")
$sPath="LDAP://<WKGUID="+$ADS_GUID_COMPUTRS_CONTAINER
$sPath=$sPath+","
$sPath=$sPath+$rootDSE.Get("defaultNamingContext")
$sPath=$sPath+">"
$computerContainer=GetObject($sPath)
$sPath = "LDAP://"+$computerContainer.Get("distinguishedName")
$computerContainer=GetObject($sPath)
;*********************************************************************
;* Here, the computer account is created. Certain attributes must
;* have a value before calling .SetInfo to commit (write) the object
;* to the Active Directory
;*********************************************************************
$oComputer=$computerContainer.Create("computer","CN="+$sComputerName)
$oComputer.Put("samAccountName",$sComputerName+"$$")
$oComputer.Put("userAccountControl",$lFlag)
$oComputer.SetInfo
;*********************************************************************
;* Establish a default password for the machine account
;*********************************************************************
$sPwd = $sComputerName + "$"
$sPwd = LCase($sPwd)
$oComputer.SetPassword $sPwd
;*********************************************************************
;* Specify which user or group may activate/join this computer to the
;* domain. In this example, "MYDOMAIN" is the domain name and
;* "JoeSmith" is the account being given the permission. Note that
;* this is the downlevel naming convention used in this example.
;*********************************************************************
$sUserOrGroup="YOURDOMAIN\user"
;*********************************************************************
;* Bind to the Discretionary ACL on the newly created computer account
;* and create an Access Control Entry (ACE) that gives the specified
;* user or group full control on the machine account
;*********************************************************************
$secDescriptor=$oComputer.Get("ntSecurityDescriptor")
$dACL=$secDescriptor.DiscretionaryAcl
$ACE=CreateObject("AccessControlEntry")
;*********************************************************************
;* An AccessMask of "-1" grants Full Control
;*********************************************************************
$ACE.AccessMask = -1
$ACE.AceType=$ADS_ACETYPE_ACCESS_ALLOWED
$ACE.AceFlags=$ADS_ACEFLAG_INHERIT_ACE
;*********************************************************************
;* Grant this control to the user or group specified earlier.
;*********************************************************************
$ACE.Trustee=$sUserOrGroup
;*********************************************************************
;* Now, add this ACE to the DACL on the machine account
;*********************************************************************
$dACL.AddAce($ACE)
$ACE=0
$secDescriptor.DiscretionaryAcl = $dACL
;*********************************************************************
;* Commit (write) the security changes to the machine account
;*********************************************************************
$oComputer.Put("ntSecurityDescriptor", Array($secDescriptor))
$oComputer.SetInfo
;*********************************************************************
;* Once all parameters and permissions have been set, enable the
;* account.
;*********************************************************************
$oComputer.AccountDisabled = not 1
$oComputer.SetInfo
;*********************************************************************
;* Create an Access Control Entry (ACE) that gives the specified user
;* or group full control on the machine account
;*********************************************************************
"The command completed successfully."
;*****************
;* End Script
;*****************
However, when I run it I get the following error-
Quote:
ERROR : IDispatch pointers not allowed in expressions!
Script: C:\!Kix\addcomputer.KIX
Line : 105
Line 105 is -
Code:
$ACE=0
Thanks!
Kent
