Hi Guys, I have been looking through previous posts and scripts etc. for this but can't seem to get it to work. What I am trying to do is quite basic: I have a bunch of standalone servers, some Win2K, some Win2K3, and from one of the boxes I want to run a script to create a new local admin on each box. The closest I found on the forum was the following script, but it was posted quite a while ago:

Code:
; UserFlag Constants....
; SCRIPT = &1
; ACCOUNTDISABLE = &2
; HOMEDIR_REQUIRED = &8
; LOCKOUT = &10
; PASSWD_NOTREQD = &20
; PASSWD_CANT_CHANGE = &40
; ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
; TEMP_DUPLICATE_ACCOUNT = &100
; NORMAL_ACCOUNT = &200
; INTERDOMAIN_TRUST_ACCOUNT = &800
; WORKSTATION_TRUST_ACCOUNT = &1000
; SERVER_TRUST_ACCOUNT = &2000
; DONT_EXPIRE_PASSWD = &10000
; MNS_LOGON_ACCOUNT = &20000
; SMARTCARD_REQUIRED = &40000
; TRUSTED_FOR_DELEGATION = &80000
; NOT_DELEGATED = &100000
; USE_DES_KEY_ONLY = &200000
; DONT_REQUIRE_PREAUTH = &400000
; PASSWORD_EXPIRED = &800000
; TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &1000000

; User to create
$UserName = "NEWUSER"
; Password to set for the user
$UserPass = "NEWUSER"
; Computername to create the account on
$TargetPC = "TARGETSERVER"

; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
; Create the user on the remote machine
$Create = $Object.Create("User",$UserName)
; Set the password for the user
$Create.SetPassword($UserPass)
; Disable the User Must Change Password at Next Logon flag (value 0 = off, 1 = on)
$Create.PasswordExpired = 0
$UserFlags = &40 + &10000 ; User cannot change pswd + pswd never expires
$Create.Put("UserFlags",$UserFlags)
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
; Apply changes currently in cache
$Create.SetInfo
Exit

When I run this, it just comes back to a prompt, as if it had worked, but no user is created.
I realise that the mistake I'm making might be very simple as I am new to scripting, but if anyone can help me out I'd appreciate it.

Thanks, Ronan.
Does the account you're running this from have any kind of access to the servers, as in administrative access?
Yeah, well the account I'm using is a local admin on the server I'm "launching" it from. But I even ran it with the RUNAS cmd window, which is how I usually run the scripts, and it still didn't make a difference. The script above is correct then?
Looks correct to me - you will prolly get a more correct feedback in a jiff from someone else tho.
You're going to have to put a tracer after each method/property call to nail down which is failing and why. First, put this at the top of your script:

$= SetOption("WrapAtEol", "On")

This will allow the long COM messages to display properly, then put tracers like this in your code and keep moving it around until you hit the culprit:

$Create = $Object.Create("User",$UserName)
? "Error " + @SERROR
$Create.SetPassword($UserPass)
? "Error " + @SERROR
Thanks Shawn, that returned me an error on the

Code:
$Create.Setinfo

COM exception error "SetInfo" ((null) - (null)) [-2147352567/80020009]

Any ideas? Thanks in advance.
Ah, I figured out the error above, it was to do with password not being complex enough. Set it to a complex password, now getting

COM exception error "Add" ((null) - (null)) [-2147352567/80020009]
The error is occurring on this section of code:

Code:
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)

It's managing to create the user but not add it to the Administrators group.
So basically the following code is adding the user, with the password I set, but not adding to the group.

Code:
$= SetOption("WrapAtEol", "On")

; UserFlag Constants....
; SCRIPT = &1
; ACCOUNTDISABLE = &2
; HOMEDIR_REQUIRED = &8
; LOCKOUT = &10
; PASSWD_NOTREQD = &20
; PASSWD_CANT_CHANGE = &40
; ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
; TEMP_DUPLICATE_ACCOUNT = &100
; NORMAL_ACCOUNT = &200
; INTERDOMAIN_TRUST_ACCOUNT = &800
; WORKSTATION_TRUST_ACCOUNT = &1000
; SERVER_TRUST_ACCOUNT = &2000
; DONT_EXPIRE_PASSWD = &10000
; MNS_LOGON_ACCOUNT = &20000
; SMARTCARD_REQUIRED = &40000
; TRUSTED_FOR_DELEGATION = &80000
; NOT_DELEGATED = &100000
; USE_DES_KEY_ONLY = &200000
; DONT_REQUIRE_PREAUTH = &400000
; PASSWORD_EXPIRED = &800000
; TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &1000000

; User to create
$UserName = "USER"
; Password to set for the user
$UserPass = "COMPLEX"
; Computername to create the account on
$TargetPC = "SERVER"

; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
; Create the user on the remote machine
$Create = $Object.Create("User", $UserName)
; Set the password for the user
$Create.SetPassword($UserPass)
; Disable the User Must Change Password at Next Logon flag (value 0 = off, 1 = on)
$Create.PasswordExpired = 0
$UserFlags = &40 + &10000 ; User cannot change pswd + pswd never expires
$Create.Put("UserFlags",$UserFlags)
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
? "Error3 " + @SERROR
; Apply changes currently in cache
$Create.SetInfo
? "Error4 " + @SERROR
Exit

Then I found a VBS script for adding the users to a group, which is below:

Code:
DomainString = "SERVER"
UserString = "USER"
GroupString = "Administrators"
Set GroupObj = GetObject("WinNT://" & DomainString & "/" & GroupString)
GroupObj.Add ("WinNT://" & DomainString & "/" & UserString)
Set DomainObj = Nothing
Set GroupObj = Nothing

When I run the VBS after the kix, it adds the user to the group, so obviously I tried to integrate it into my script, changing

Code:
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)

to

Code:
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add("WinNT://"+$TargetPC+"/"+$Username)

I am still getting the error

COM exception error "Add" ((null) - (null)) [-2147352567/80020009]

Anyone any ideas? Driving me nuts. Thanks.
Strange also.... I added ? $Create.ADSPATH to the code to see what it would print, but when I ran the script, and THEN just ran it again, it DOES add the user to the group but gives a setinfo error. I'm lost...

OUTPUT:

Code:
C:\kix32>kix32 account.kix
WinNT://WORKGROUP/SERVER/USER
Error3 COM exception error "Add" ((null) - (null)) [-2147352567/80020009]
Error4 COM exception error "Add" ((null) - (null)) [-2147352567/80020009]

C:\kix32>kix32 account.kix
WinNT://WORKGROUP/SERVER/USER
Error3 The operation completed successfully.
Error4 COM exception error "SetInfo" ((null) - (null)) [-2147352567/80020009]

C:\kix32>
Aha. Think I figured it out. I moved the group add part to after the setinfo and it worked. I think. Hehe.
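
The ordering the thread arrived at, as an added example (not code posted by any participant): the WinNT provider holds a newly created user in the local property cache until SetInfo commits it, so the group Add can only succeed after that commit. USER, COMPLEX and SERVER are the thread's placeholder values, and the @ERROR check after each call is an addition.

```kixtart
; Added example, not from the thread. Values are placeholders.
$= SetOption("WrapAtEol", "On")

$UserName = "USER"
$UserPass = "COMPLEX"   ; placeholder; must satisfy the target's password policy
$TargetPC = "SERVER"

; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
If @ERROR
    ? "Bind failed: " + @SERROR
    Exit 1
EndIf

; Create the user object; at this point it exists only in the local cache
$Create = $Object.Create("User", $UserName)
If @ERROR
    ? "Create failed: " + @SERROR
    Exit 1
EndIf

$Create.SetPassword($UserPass)
$Create.PasswordExpired = 0
$UserFlags = &40 + &10000   ; PASSWD_CANT_CHANGE + DONT_EXPIRE_PASSWD
$Create.Put("UserFlags", $UserFlags)

; Commit the account to the target. The thread hit its SetInfo error here
; when the password was not complex enough, and again on the second run
; when the account already existed.
$Create.SetInfo
If @ERROR
    ? "SetInfo failed: " + @SERROR
    Exit 1
EndIf

; The account now exists on the target, so the group can reference it
$group = GetObject("WinNT://" + $TargetPC + "/Administrators")
$group.Add($Create.ADSPath)
If @ERROR
    ? "Group add failed: " + @SERROR
    Exit 1
EndIf

? "Created " + $Create.ADSPath + " and added it to Administrators"
Exit 0
```

Stopping at the first failed call avoids the misleading second message seen in the thread's output, where a stale @SERROR from Add was printed after SetInfo.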
I've seen a UDF that converts the error results from those objects, cannot remember what it was called tho. But if you seem to have figured it out, perhaps it doesn't matter.
Yeah, seems to be working fine after I put the group addition part after the setinfo. Thanks anyway man.
Originally Posted By: Björn
I've seen a UDF that converts the error results from those objects, cannot remember what it was called tho. But if you seem to have figured it out, perhaps it doesn't matter.

You mean this one? UDF Library » Cerror() - translates com-errors
Bingo. I'd give it a go on those errors, just to check what was causing it more exactly.
Originally Posted By: Björn
bingo ....

Yeeha. What did I win?? I want it all, I want it all and I want it now!
You won a search-hero badge, and part of it is that you have to look for it yourself!
LOL |