| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-17 01:04 PM |
Create User accounts on standalone servers
|
Hi Guys,
I have been looking through previous posts and scripts etc for this but cant seem to get it to work. What I am trying to do is quite basic: I have a bunch of standalone servers, some Win2K some Win2K3, and from one of the boxes I want to run a script to create a new local admin on each box.
The closest I found on the forum was the following script but it was posted quite a while ago :
Code:
; UserFlag Constants....
; SCRIPT = &1
; ACCOUNTDISABLE = &2
; HOMEDIR_REQUIRED = &8
; LOCKOUT = &10
; PASSWD_NOTREQD = &20
; PASSWD_CANT_CHANGE = &40
; ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
; TEMP_DUPLICATE_ACCOUNT = &100
; NORMAL_ACCOUNT = &200
; INTERDOMAIN_TRUST_ACCOUNT = &800
; WORKSTATION_TRUST_ACCOUNT = &1000
; SERVER_TRUST_ACCOUNT = &2000
; DONT_EXPIRE_PASSWD = &10000
; MNS_LOGON_ACCOUNT = &20000
; SMARTCARD_REQUIRED = &40000
; TRUSTED_FOR_DELEGATION = &80000
; NOT_DELEGATED = &100000
; USE_DES_KEY_ONLY = &200000
; DONT_REQUIRE_PREAUTH = &400000
; PASSWORD_EXPIRED = &800000
; TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &1000000
; User to create
$UserName = "NEWUSER"
; Password to set for the user
$UserPass = "NEWUSER"
; Computername to create the account on
$TargetPC = "TARGETSERVER"
; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
; Create the user on the remote machine
$Create = $Object.Create("User",$UserName)
; Set the password for the user
$Create.SetPassword($UserPass)
; Disable the User Must Change Password at Next Logon flag (value 0 = off, 1 = on)
$Create.PasswordExpired = 0
$UserFlags = &40 + &10000 ; User cannot change pswd + pswd never expires
$Create.Put("UserFlags",$UserFlags)
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
; Apply changes currently in cache
$Create.SetInfo
Exit
When I run this, it just comes back to a prompt, as if it had worked, but no user is created. I realise that the mistake im making might be very simple as I am new to scripting, but if anyone can help me out I'd appreciate it.
Thanks,
Ronan.
| Björn |
| (Korg Regular) |
| 2007-08-17 01:19 PM |
|
Re: Create User accounts on standalone servers
|
Does your account your'e running this from have any kind of access to the servers as in administrative access?
| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-17 01:21 PM |
|
Re: Create User accounts on standalone servers
|
yeah well the account im using is a local admin on the server im "launching" it from. but i even ran it with the RUNAS cmd window, which is how i usually run the scripts, and it still didnt make a difference.
the script above is correct then?
| Björn |
| (Korg Regular) |
| 2007-08-17 01:24 PM |
|
Re: Create User accounts on standalone servers
|
looks correct to me - you will prolly get a more correct feedback in a jiff from someone else tho.
Shawn
|
| (KiX Supporter) |
| 2007-08-17 03:01 PM |
|
|
Re: Create User accounts on standalone servers
|
Your going to have to put a tracer after each method/property call to nail down which is failing and why. First, put this at the top of your script:
$= SetOption("WrapAtEol", "On")
This will allow the long COM messages to diaply properly, then put tracers like this in your code and keep moving it around until you hit the culprit:
$Create = $Object.Create("User",$UserName)
? "Error " + @SERROR
$Create.SetPassword($UserPass)
? "Error " + @SERROR
| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-21 10:17 AM |
|
Re: Create User accounts on standalone servers
|
Thanks Shawn,
That returned me an error on the
Code:
$Create.Setinfo
COM exception error "SetInfo" ((null) - (null)) [-2147352567/80020009]
Any ideas?
Thanks in advance.
| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-21 11:02 AM |
|
Re: Create User accounts on standalone servers
|
ah i figured out the error above, it was to do with password not being complex enough. set it to a complex password, now getting
COM exception error "Add" ((null) - (null)) [-2147352567/80020009]
| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-21 11:07 AM |
|
Re: Create User accounts on standalone servers
|
the error is occurring on this section of code :-
Code:
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath) its managing to create the user but not add it to the Administrators group
| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-21 11:25 AM |
|
Re: Create User accounts on standalone servers
|
so basically the following code is adding the user, with the password i set, but not adding to the group.
Code:
$= SetOption("WrapAtEol", "On")
; UserFlag Constants....
; SCRIPT = &1
; ACCOUNTDISABLE = &2
; HOMEDIR_REQUIRED = &8
; LOCKOUT = &10
; PASSWD_NOTREQD = &20
; PASSWD_CANT_CHANGE = &40
; ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
; TEMP_DUPLICATE_ACCOUNT = &100
; NORMAL_ACCOUNT = &200
; INTERDOMAIN_TRUST_ACCOUNT = &800
; WORKSTATION_TRUST_ACCOUNT = &1000
; SERVER_TRUST_ACCOUNT = &2000
; DONT_EXPIRE_PASSWD = &10000
; MNS_LOGON_ACCOUNT = &20000
; SMARTCARD_REQUIRED = &40000
; TRUSTED_FOR_DELEGATION = &80000
; NOT_DELEGATED = &100000
; USE_DES_KEY_ONLY = &200000
; DONT_REQUIRE_PREAUTH = &400000
; PASSWORD_EXPIRED = &800000
; TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &1000000
; User to create
$UserName = "USER"
; Password to set for the user
$UserPass = "COMPLEX"
; Computername to create the account on
$TargetPC = "SERVER"
; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
; Create the user on the remote machine
$Create = $Object.Create("User", $UserName)
; Set the password for the user
$Create.SetPassword($UserPass)
; Disable the User Must Change Password at Next Logon flag (value 0 = off, 1 = on)
$Create.PasswordExpired = 0
$UserFlags = &40 + &10000 ; User cannot change pswd + pswd never expires
$Create.Put("UserFlags",$UserFlags)
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
? "Error3 " + @SERROR
; Apply changes currently in cache
$Create.SetInfo
? "Error4 " + @SERROR
Exit
Then I found a VBS script for adding the users to a group, which is below:
Code:
DomainString = "SERVER"
UserString = "USER"
GroupString = "Administrators"
Set GroupObj = GetObject("WinNT://" & DomainString & "/" & GroupString)
GroupObj.Add ("WinNT://" & DomainString & "/" & UserString)
Set DomainObj = Nothing
Set GroupObj = Nothing
When I run the VBS after the kix, it adds the user to the group, so obviously I tried to integrate into my script, changing
Code:
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
to
Code:
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add("WinNT://"+$TargetPC+"/"+$Username)
I am still getting the error
COM exception error "Add" ((null) - (null)) [-2147352567/80020009]
anyone any ideas? driving me nuts.
thanks.
| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-21 11:34 AM |
|
Re: Create User accounts on standalone servers
|
strange also.... i added ? $Create.ADSPATH to the code to see what it would print, but when i ran the script, and THEN just run it again, it DOES add the user to the group but gives a setinfo error. im lost...
OUTPUT:
Code:
C:\kix32>kix32 account.kix WinNT://WORKGROUP/SERVER/USER Error3 COM exception error "Add" ((null) - (null)) [-2147352567/80020009] Error4 COM exception error "Add" ((null) - (null)) [-2147352567/80020009] C:\kix32>kix32 account.kix WinNT://WORKGROUP/SERVER/USER Error3 The operation completed successfully. Error4 COM exception error "SetInfo" ((null) - (null)) [-2147352567/80020009] C:\kix32>
| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-21 11:42 AM |
|
Re: Create User accounts on standalone servers
|
aha. think i figured it out. I moved the group add part to after the setinfo and it worked. i think. hehe.
| Björn |
| (Korg Regular) |
| 2007-08-21 12:48 PM |
|
Re: Create User accounts on standalone servers
|
I've seen a udf that converts the errorresults from those objects, cannot remember what it was called tho. but if you seemed to have figured it out, perhaps it doesn't matter
| Ronan_Condon |
| (Fresh Scripter) |
| 2007-08-21 01:09 PM |
|
Re: Create User accounts on standalone servers
|
yeah seems to be working fine after i put the group addition part after the setinfo. thanks anyway man.
| Mart |
| (KiX Supporter) |
| 2007-08-21 01:51 PM |
|
|
Re: Create User accounts on standalone servers
|
Originally Posted By: Björn
I've seen a udf that converts the errorresults from those objects, cannot remember what it was called tho. but if you seemed to have figured it out, perhaps it doesn't matter
You mean this one?
UDF Library » Cerror() - translates com-errors
| Björn |
| (Korg Regular) |
| 2007-08-21 01:57 PM |
|
Re: Create User accounts on standalone servers
|
bingo
I'd give it a go on those errors, just to check what was causing it more exactly
| Mart |
| (KiX Supporter) |
| 2007-08-21 02:17 PM |
|
|
|
Re: Create User accounts on standalone servers
|
Originally Posted By: Björn
bingo
....
Yeeha. What did I win?? I want it all, I want it all and I want it now!
| Björn |
| (Korg Regular) |
| 2007-08-21 02:20 PM |
Re: Create User accounts on standalone servers
|
you won a search-hero badge, and part of it is that you have to look for it yourself!
| Mart |
| (KiX Supporter) |
| 2007-08-21 02:38 PM |
|
|
|
Re: Create User accounts on standalone servers
|
LOL
