Bulk Insert of Computers - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » Bulk Insert of Computers

Page 1 of 2

Topic Options

#125432 - 2004-08-21 01:06 AM

Bulk Insert of Computers

Kdyer

KiX Supporter

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR

Trying to convert over the VBS Script from Microsoft and I ran this through Jooel's VBS2KIX script and it looks pretty good..

The basis of this code is from - http://support.microsoft.com/default.aspx?scid=KB;en-us;q222525
Code:


cls

break on

;***********************

;* Start Script

;***********************



Dim $sComputerName,$sUserOrGroup,$sPath,$computerContainer,$rootDSE,$lFlag

Dim $secDescriptor,$dACL,$ACE,$oComputer,$sPwd



;*********************************************************************

;* Declare constants used in defining the default location for the 

;* machine account, flags to identify the object as a machine account,

;* and security flags

;*********************************************************************



$UF_WORKSTATION_TRUST_ACCOUNT=+H1000

$UF_ACCOUNTDISABLE=+H2

$UF_PASSWD_NOTREQD=+H20

$ADS_GUID_COMPUTRS_CONTAINER="aa312825768811d1aded00c04fd8d5cd"

$ADS_ACETYPE_ACCESS_ALLOWED=0

$ADS_ACEFLAG_INHERIT_ACE=2



;*********************************************************************

;* $the flags on this object to identify it as a machine account

;* and determine the name.  The name is used statically here, but may 

;* be determined by a command line parameter or by using an InputBox

;*********************************************************************



$lFlag = $UF_WORKSTATION_TRUST_ACCOUNT Or $UF_ACCOUNTDISABLE Or $UF_PASSWD_NOTREQD

$sComputerName = "TestAccount"



;*********************************************************************

;* Establish a path to the container in the Active Directory where

;* the machine account will be created.  In this example, this will

;* automatically locate a domain controller for the domain, read the 

;* domain name, and bind to the default "Computers" container

;*********************************************************************



$rootDSE = GetObject("LDAP://RootDSE")

$sPath="LDAP://<WKGUID="+$ADS_GUID_COMPUTRS_CONTAINER

$sPath=$sPath+","

$sPath=$sPath+$rootDSE.Get("defaultNamingContext")

$sPath=$sPath+">"

$computerContainer=GetObject($sPath)

$sPath = "LDAP://"+$computerContainer.Get("distinguishedName")

$computerContainer=GetObject($sPath)



;*********************************************************************

;* Here, the computer account is created.  Certain attributes must

;* have a value before calling .SetInfo to commit (write) the object

;* to the Active Directory

;*********************************************************************



$oComputer=$computerContainer.Create("computer","CN="+$sComputerName)

$oComputer.Put("samAccountName",$sComputerName+"$$")

$oComputer.Put("userAccountControl",$lFlag)

$oComputer.SetInfo



;*********************************************************************

;* Establish a default password for the machine account

;*********************************************************************



$sPwd = $sComputerName + "$"

$sPwd = LCase($sPwd)

$oComputer.SetPassword $sPwd



;*********************************************************************

;* Specify which user or group may activate/join this computer to the 

;* domain.  In this example, "MYDOMAIN" is the domain name and

;* "JoeSmith" is the account being given the permission.  Note that 

;* this is the downlevel naming convention used in this example.

;*********************************************************************



$sUserOrGroup="YOURDOMAIN\user"



;*********************************************************************

;* Bind to the Discretionary ACL on the newly created computer account

;* and create an Access Control Entry (ACE) that gives the specified

;* user or group full control on the machine account

;*********************************************************************



$secDescriptor=$oComputer.Get("ntSecurityDescriptor")

$dACL=$secDescriptor.DiscretionaryAcl

$ACE=CreateObject("AccessControlEntry")



;*********************************************************************

;* An AccessMask of "-1" grants Full Control

;*********************************************************************



$ACE.AccessMask = -1

$ACE.AceType=$ADS_ACETYPE_ACCESS_ALLOWED

$ACE.AceFlags=$ADS_ACEFLAG_INHERIT_ACE



;*********************************************************************

;* Grant this control to the user or group specified earlier.

;*********************************************************************



$ACE.Trustee=$sUserOrGroup



;*********************************************************************

;* Now, add this ACE to the DACL on the machine account

;*********************************************************************



$dACL.AddAce($ACE)

$ACE=0

$secDescriptor.DiscretionaryAcl = $dACL



;*********************************************************************

;* Commit (write) the security changes to the machine account

;*********************************************************************



$oComputer.Put("ntSecurityDescriptor", Array($secDescriptor))

$oComputer.SetInfo



;*********************************************************************

;* Once all parameters and permissions have been set, enable the 

;* account.

;*********************************************************************



$oComputer.AccountDisabled = not 1

$oComputer.SetInfo



;*********************************************************************

;* Create an Access Control Entry (ACE) that gives the specified user 

;* or group full control on the machine account

;*********************************************************************



 "The command completed successfully."



;*****************

;* End Script

;*****************

However, when I run it I get the following error-

Quote:

ERROR : IDispatch pointers not allowed in expressions!
Script: C:\!Kix\addcomputer.KIX
Line : 105

Line 105 is -
Code:


$ACE=0

Thanks!

Kent

Edited by kdyer (2004-08-21 01:10 AM)

_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

Top

#125433 - 2004-08-21 01:15 AM Re: Bulk Insert of Computers
Shawn Shawn Administrator Registered: 1999-08-13 Posts: 8611	Its proably the line above, try this: $= $dACL.AddAce($ACE)
Top

#125434 - 2004-08-21 01:19 AM Re: Bulk Insert of Computers
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	hmmm... wasn't there just a thread about these? $dACL=$secDescriptor.DiscretionaryAcl _________________________ ! download KiXnet
Top

#125435 - 2004-08-21 01:23 AM Re: Bulk Insert of Computers
Shawn Shawn Administrator Registered: 1999-08-13 Posts: 8611	This line looks little messed up: $oComputer.SetPassword $sPwd Should maybe be: $oComputer.SetPassword($sPwd)
Top

#125436 - 2004-08-21 01:29 AM Re: Bulk Insert of Computers
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Shawn, Still no good.. Remember, we have played with DACLs, etc. in the following post - Kent: Review a WSH script - Part Deux And yes a couple of flavors of that. Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#125437 - 2004-08-21 01:42 AM Re: Bulk Insert of Computers
Shawn Shawn Administrator Registered: 1999-08-13 Posts: 8611	These need some tweaking ... $UF_WORKSTATION_TRUST_ACCOUNT=+H1000 $UF_ACCOUNTDISABLE=+H2 $UF_PASSWD_NOTREQD=+H20 Should be: $UF_WORKSTATION_TRUST_ACCOUNT = &01000 $UF_ACCOUNTDISABLE = &02 $UF_PASSWD_NOTREQD = &020
Top

#125438 - 2004-08-21 01:49 AM Re: Bulk Insert of Computers
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	yup, the conversion engine clearly screwed up there... _________________________ ! download KiXnet
Top

#125439 - 2004-08-21 01:50 AM Re: Bulk Insert of Computers
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	OK.. Done.. Still error on 105. Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#125440 - 2004-08-21 02:11 AM Re: Bulk Insert of Computers
maciep maciep Korg Regular Registered: 2002-06-14 Posts: 947 Loc: Pittsburgh	looks like that line is just trying to clean up the $ACE object. Not that it is good practice, but have you tried just commenting it out? _________________________ Eric
Top

#125441 - 2004-08-21 02:12 AM Re: Bulk Insert of Computers
Shawn Shawn Administrator Registered: 1999-08-13 Posts: 8611	What line is your 109 ?
Top

#125442 - 2004-08-21 02:38 AM Re: Bulk Insert of Computers
Chris S. Chris S. MM club member Registered: 2002-03-18 Posts: 2368 Loc: Earth	The error is probably in... Code: $secDescriptor.DiscretionaryAcl = $dACL ...and may not work with KiX. This line looks suspicious too... Code: $oComputer.Put("ntSecurityDescriptor", Array($secDescriptor))
Top

#125443 - 2004-08-22 04:59 PM Re: Bulk Insert of Computers
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Chris, You are probably right. I will try a couple of things when I get back in to the office. Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#125444 - 2004-08-23 12:11 AM Re: Bulk Insert of Computers
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	If it is worth anthing, I created a Perl EXE sometime ago to do just this. It takes a TAB delimited input file of DOMAIN, ComputerName, DNofOU. I can post it on my site if anyone is interested in trying it out. _________________________ Home page: http://www.kixhelp.com/hb/
Top

#125445 - 2004-08-23 03:50 AM Re: Bulk Insert of Computers
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Definitely! I am in the process of building 200 compuers to replace those coming off of lease. Thanks Howard! Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#125446 - 2004-08-24 05:01 AM Re: Bulk Insert of Computers
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	Progam uploaded to my website. _________________________ Home page: http://www.kixhelp.com/hb/
Top

#125447 - 2004-08-24 07:38 AM Re: Bulk Insert of Computers
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	kent, what script you were using? the one posted at scripts or somewhere alike? _________________________ ! download KiXnet
Top

#125448 - 2004-08-24 02:24 PM Re: Bulk Insert of Computers
maciep maciep Korg Regular Registered: 2002-06-14 Posts: 947 Loc: Pittsburgh	I think it's this one: Automating the creation of computer accounts _________________________ Eric
Top

#125449 - 2004-08-24 02:32 PM Re: Bulk Insert of Computers
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Yes.. That is the one from M$. Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#125450 - 2004-08-24 03:24 PM Re: Bulk Insert of Computers
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	talking about that VBS2KIX, he is... me thinks. _________________________ ! download KiXnet
Top

#125451 - 2004-08-24 04:18 PM Re: Bulk Insert of Computers
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Right.. I used that for this process of conversion. Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

Page 1 of 2

Previous Topic View All Topics

Index Next Topic

Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org