Radimus
(KiX Supporter)
2003-06-26 07:24 PM
need to authenticate from workgroup

I can convert this easily enough to Kix:

strComputer = "atl-pro-040"
Set objComputer = GetObject("LDAP://CN=" & strComputer & _
",CN=Computers,DC=fabrikam,DC=com")
objComputer.DeleteObject(0)

But I have to run this from a workgroup computer and need to authenticate first...

any ideas...


ShawnAdministrator
(KiX Supporter)
2003-06-26 07:43 PM
Re: need to authenticate from workgroup

I know this works with the WinNT provider logged in with a local account but wkstn joined to target domain ... not sure about workgroup.

code:
; Bind to the domain with explicit credentials (last argument = authentication flags)
$root = GetObject("WinNT:")
$domain = $root.OpenDSObject("WinNT://@LDOMAIN", "Administrator", "password", 0)

Not sure if you can just replace WinNT with LDAP and have it work, worth a try ...

-Shawn


Les
(KiX Master)
2003-06-26 07:48 PM
Re: need to authenticate from workgroup

Could you do a NET USE IPC$ USER PASSWORD thingy first?

Sealeopard
(KiX Master)
2003-06-26 07:54 PM
Re: need to authenticate from workgroup

Or take a look at fnWMIAuthentication().

Radimus
(KiX Supporter)
2003-06-26 08:00 PM
Re: need to authenticate from workgroup

Basically what I'm trying to do is remove/delete a computer account from the domain, if the Netdom thingy fails to rename the computer.

The machine will not be a member of the domain at that time, but I will have the acct password of a domain admin available.


Richie19Rich77
(Seasoned Scripter)
2003-06-26 10:19 PM
Re: need to authenticate from workgroup

I have this somewhere; just to get it right, you want to connect to AD using LDAP, but while the workstation or the logged-on user is not part of the domain?

OK, here we go. This should do; just modify the code to delete the computer account rather than add it.

Would do it, but my 2000 server's hard drive has gone wrong, sorry.

code:
; Set the login credential
$sUser = "Administrator"
$sPassword = "password"

; Set the domain controller and the proper context
$sDomain = "domaincontroller"
$sContainer = "OU=Clients"

; Connect to ADS with the provided login credential (flag 1 = ADS_SECURE_AUTHENTICATION)
$oProvider = GetObject("LDAP:")
$rootDSE = $oProvider.OpenDSObject("LDAP://" + $sDomain + "/RootDSE", $sUser, $sPassword, 1)

; Collect the proper path, and get the OU where the machine should be created
$sPath = "LDAP://" + $sDomain + "/" + $sContainer + ","
$sPath = $sPath + $rootDSE.Get("defaultNamingContext")
$MyOU = $oProvider.OpenDSObject($sPath, $sUser, $sPassword, 1)

IF NOT $MyOU = 0
  $MachineObj = $MyOU.Create("computer", "CN=NewPC")
  IF NOT $MachineObj = 0

    ; Set mandatory properties and save object
    ; (a computer account's sAMAccountName is the computer name followed by "$")
    $MachineObj.samAccountName = "NewPC$"
    $MachineObj.SetInfo

    ; Activate the computer account
    $MachineObj.AccountDisabled = False
    $MachineObj.SetInfo

    ; Show the result of the last operation (error code, blank line, error text)
    ? @ERROR
    ?
    ? @SERROR
  ELSE
    ? @ERROR
    ?
    ? @SERROR
  ENDIF

ELSE
  ? @ERROR
  ?
  ? @SERROR
ENDIF




[ 26. June 2003, 22:46: Message edited by: Richard Farthing ]


Radimus
(KiX Supporter)
2005-09-07 02:16 PM
Re: need to authenticate from workgroup

OK.. Time to resurrect this thread :-)

This adds a new computer object to a domain, but doesn't actually join the domain. So beyond adding the name to AD (and enabling the machine account), what function does it do?

Is there a way to detect a value for $sDomain, without hardcoding it?

This is for updating an old kixforms project of mine to add freshly imaged (workgroup) PCs to the domain.

It currently works fine adding the PC, if the account doesn't already exist. If it does exist it returns an error until the old machine account is manually deleted.

I also have it hardcoded to my domain, but I'd like to make it available to all, so I'd like it to be able to detect the domain controller and then to detect all the computer OUs.

I suppose being able to delete the old computer account wouldn't require scanning AD to find the OU?


Radimus
(KiX Supporter)
2005-09-07 02:24 PM
Re: need to authenticate from workgroup

I'm currently doing this:

Code:

...
$objLocator = CreateObject('WbemScripting.SWbemLocator')
; WMI connection to the DC using explicit domain credentials (this PC is not a member yet)
$objWBEM = $objLocator.ConnectServer($DC,'root\CIMV2',$DomainBox.text+'\'+$AdminBox.text,$PasswordBox.text)
...
$newName = $ComputerBox.text
$domain = $DomainBox.text
$password = $PasswordBox.text
$user = $AdminBox.text
$OU = $OUCombo.text
; JoinDomainOrWorkgroup options: 1 = join domain, 2 = create the computer account,
; 32 = allow the join even if the PC is already joined to a domain
$JOINType = 1 + 2 + 32

Status("Joining")
$objNetwork = CreateObject("WScript.Network")
if not @error
  $strComputer = $objNetwork.ComputerName
  $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\"+$strComputer+"\root\cimv2:Win32_ComputerSystem.Name='"+$strComputer+"'")
  ; Join under the current (imaged) name; the machine account is created in $OU
  $ReturnValue = $objComputer.JoinDomainOrWorkGroup($Domain, $password, $Domain+"\"+$user, $OU, $JOINtype)
  If $ReturnValue   ; non-zero = Win32 error code
    Status("Failed joining "+@wksta+" to "+$domain)
    Status($ReturnValue)
    return
  EndIf
  sleep 20   ; give the join a moment to settle before renaming

  Status("Renaming")
  $objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" + $strComputer + "\root\cimv2")
  $colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
  For Each $objComputer in $colComputers
    ; Rename(Name, Password, UserName) needs domain credentials now that the PC is joined
    $err = $objComputer.Rename($NewName, $password, $Domain + "\" + $user)
    If $err
      Status("Failed Renaming "+@wksta+" to "+$NewName)
      Status($err)
    endif
  Next
...



Radimus
(KiX Supporter)
2005-09-12 04:56 PM
Re: need to authenticate from workgroup

Here is the latest and greatest; there are still a few details to work out and some such, but it is good enough for a beta.

I use this to join newly imaged PCs to the domain (machines are imaged to join a workgroup, so they need to be renamed and joined prior to use). User is also added to local admin.

Code:



Break On
$System = CreateObject("Kixtart.System")

;KD START

;************* Form **************
$Form = $System.Form()
$Form.BackColor = 212,208,200
$Form.Height = 346
$Form.Left = 5
$Form.MaximizeBox = "False"
$Form.MinimizeBox = "False"
$Form.Text = "JoinDomain"
$Form.Top = 22
$Form.Width = 510
;**************************************

;************* Label1 **************
$Label1 = $Form.Controls.Label("Computer Name", 15, 120, 96, 22)
;**************************************

;************* Label5 **************
$Label5 = $Form.Controls.Label("Accounts to Add", 15, 180, 100, 23)
;**************************************

;************* Label6 **************
$Label6 = $Form.Controls.Label("Add to which OU", 15, 150, 100, 23)
;**************************************

;************* ComputerBox **************
$ComputerBox = $Form.Controls.TextBox("@wksta", 135, 120, 355, 20)
;**************************************

;************* OUCombo **************
$OUCombo = $Form.Controls.ComboBox("", 135, 150, 355, 21)
$OUCombo.DropDownWidth = 355
$OUCombo.Sorted = "True"
;**************************************

;************* AccountsBox **************
$AccountsBox = $Form.Controls.TextBox("", 135, 180, 355, 20)
;**************************************

;************* StartButton **************
$StartButton = $Form.Controls.Button("Start", 15, 225, 95, 82)
$StartButton.OnClick = "StartClick()"
;**************************************

;************* StatusBox **************
$StatusBox = $Form.Controls.ListBox("ListBox1", 135, 225, 355, 82)
;**************************************

;************* DomainGroup **************
$DomainGroup = $Form.Controls.GroupBox("Connect to Domain", 15, 15, 472, 79)
;**************************************

;************* Label7 **************
$Label7 = $DomainGroup.Controls.Label("Domain", 15, 20, 98, 18)
;**************************************

;************* Label8 **************
$Label8 = $DomainGroup.Controls.Label("Domain Account", 135, 20, 99, 15)
;**************************************

;************* Label9 **************
$Label9 = $DomainGroup.Controls.Label("Domain Password", 255, 20, 98, 16)
;**************************************

;************* DomainBox **************
$DomainBox = $DomainGroup.Controls.TextBox("", 15, 45, 100, 20)
;**************************************

;************* AdminBox **************
$AdminBox = $DomainGroup.Controls.TextBox("", 135, 45, 100, 20)
;**************************************

;************* PasswordBox **************
$PasswordBox = $DomainGroup.Controls.TextBox("", 255, 45, 100, 20)
$PasswordBox.PasswordChar = "*"
;**************************************

;************* ConnectButton **************
$ConnectButton = $DomainGroup.Controls.Button("Connect", 375, 20, 85, 18)
$ConnectButton.OnClick = "VerifyDomain()"
;**************************************

;************* ConnectStatusBox **************
$ConnectStatusBox = $DomainGroup.Controls.TextBox("", 375, 45, 83, 20)
$ConnectStatusBox.BorderStyle = 1
$ConnectStatusBox.ReadOnly = "True"
$ConnectStatusBox.TextAlign = 2
;**************************************


;KD END

$DC = DC_List()
$DomainBox.Text = @domain
$AdminBox.Text = ""
$PasswordBox.Text = ""
$OUCombo.Enabled = "False"
$StartButton.Enabled = "False"
$AccountsBox.Enabled = "False"
$ComputerBox.Enabled = "False"


$Form.Show
While $Form.Visible
$=Execute($Form.DoEvents())
Loop
Exit 1


Function VerifyDomain
  $ConnectStatusBox.Text = "Connecting"
  $oProvider = GetObject("LDAP:")
  $loop = 0
  ; Try each DC from DC_List() in turn, binding with the typed-in domain credentials
  ; (flag 1 = ADS_SECURE_AUTHENTICATION), until one answers or the list is exhausted
  do
    Status("testing connection to "+ $dc[$loop])
    $rootDSE = $oProvider.OpenDSObject("LDAP://" + $DC[$loop] + "/RootDSE", $DomainBox.text+'\'+$AdminBox.Text, $PasswordBox.Text, 1)
    $loop = $loop +1
  until $rootDSE or $loop > ubound($dc)

  if $rootDSE
    $ldap = "LDAP://" + $DomainBox.text + "/" + $rootDSE.Get("defaultNamingContext")
    $goodDC = $DC[$loop-1]
    $ConnectStatusBox.Text = "Connected"
    status("Connected to "+$goodDC)
    Status("Collecting Computer OUs")
    $computerOUs = EnumOUs($ldap)
    ; EnumOUs returns full LDAP paths; keep only the DN part (from "OU=" onward) for the combo box
    for each $item in split($computerOUs,'|')
      $OUCombo.additem(substr($item,instr($item,'ou')))
    next
    Status("Computer OUs ready for selection")
    $AccountsBox.Text = 'Domain Admins, dcsa staff'
    $ConnectButton.Enabled = "False"
    $AdminBox.Enabled = "False"
    $PasswordBox.Enabled = "False"
    $DomainBox.Enabled = "False"
    $OUCombo.Enabled = "True"
    $StartButton.Enabled = "True"
    $AccountsBox.Enabled = "True"
    $ComputerBox.Enabled = "True"
    $ComputerBox.Setfocus
  else
    Status(@serror)
    Status("Failed connecting to domain controller")
    ; report which account failed, without echoing the password into the status list
    Status("Account: "+$DomainBox.text+'\'+$AdminBox.text)
    $ConnectStatusBox.Text = "Not Connected"
  endif
Endfunction


Function StartClick
  $newName = $ComputerBox.text
  $domain = $DomainBox.text
  $password = $PasswordBox.text
  $user = $AdminBox.text
  $OU = $OUCombo.text
  ; JoinDomainOrWorkgroup options: 1 = join domain, 2 = create the computer account,
  ; 32 = allow the join even if the PC is already joined to a domain
  $JOINType = 1 + 2 + 32
  $ConnectButton.enabled = 'false'

  ; Derive the user's account from the computer name prefix (site naming convention: user-xxx or user_xxx)
  $AccountsBox.Text = $AccountsBox.Text + ', '+ split(split($newName,'-')[0],'_')[0]

  Status("Joining")

  ; Connect to ADS with the provided login credential
  $oProvider = GetObject("LDAP:")
  $rootDSE = $oProvider.OpenDSObject("LDAP://" + $Domain + "/RootDSE", $User, $Password, 1)

  $sPath = "LDAP://" + $Domain + "/" + $OU
  $MyOU = $oProvider.OpenDSObject($sPath, $User, $Password, 1)

  IF $MyOU
    ; Remove a stale account with the same name from the chosen OU.
    ; IADsContainer.Delete has no return value; success or failure is reported through @error
    $MyOU.Delete("computer", "CN="+$newName)
    $deltext = IIf(@error = 0,'Previous '+$newName+' PC account removed','No previous PC account to remove')
    Status($deltext)
  endif

  $objNetwork = CreateObject("WScript.Network")
  if not @error
    $strComputer = $objNetwork.ComputerName
    $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\"+$strComputer+"\root\cimv2:Win32_ComputerSystem.Name='"+$strComputer+"'")
    ; Join under the current (imaged) name; the machine account is created in $OU
    $ReturnValue = $objComputer.JoinDomainOrWorkGroup($Domain, $password, $Domain+"\"+$user, $OU, $JOINtype)
    If $ReturnValue   ; non-zero = Win32 error code
      Status("Failed joining "+@wksta+" to "+$domain)
      Status($ReturnValue)
      return
    EndIf
    sleep 20   ; give the join a moment to settle before renaming

    Status("Renaming")
    $objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" + $strComputer + "\root\cimv2")
    $colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
    For Each $objComputer in $colComputers
      ; Rename(Name, Password, UserName) needs domain credentials now that the PC is joined
      $err = $objComputer.Rename($NewName, $password, $Domain + "\" + $user)
      If $err
        Status("Failed Renaming "+@wksta+" to "+$NewName)
        Status($err)
      endif
    Next

    ; Add the listed domain accounts to the local Administrators group
    ; (Domain Admins is already a member via the join, so it is skipped)
    For Each $name In split($AccountsBox.text,',')
      $name=trim($name)
      Status("Adding User "+$name)
      if not $name="Domain Admins"
        $objGroup = GetObject('WinNT://' + @wksta + '/' + 'Administrators')
        $objGroup.Add ('WinNT://'+ $domain + '/' + $name)
        if @error
          Status(@serror +' error adding '+$name)
        EndIF
      endif
    Next
    Status("Complete - Restart PC")
    $rc = Shutdown("", "System is being rebooted to Join Domain.", 10, 0, 1)
    Quit
  endif
endFunction


FUNCTION Status($text)
$StatusBox.additem($text)
$StatusBox.listindex=$StatusBox.listcount-1
EndFunction


Function DC_List()
  Dim $DomDC,$oConn,$oCmd,$i,$oRecSet
  $i = 0

  ; Get the distinguished name of the domain.
  ; This serverless bind locates a DC through the script host's own domain membership,
  ; so it only succeeds when the PC running the tool can already find the domain.
  $DomDC = GetObject('LDAP://rootDSE').Get('defaultNamingContext')

  $oConn = CreateObject('ADODB.Connection')
  $oConn.Provider = 'ADsDSOObject'
  $oConn.Open('Active Directory Provider')

  $oCmd = CreateObject('ADODB.Command')
  $oCmd.ActiveConnection = $oConn
  ; Every DC owns one nTDSDSA object at CN=NTDS Settings,CN=<server>,CN=Servers,... in the Configuration container
  $oCmd.CommandText = "Select distinguishedName from 'LDAP://cn=Configuration," + $DomDC + "' where objectClass='nTDSDSA'"

  $oRecSet = $oCmd.Execute
  $oRecSet.MoveFirst

  While Not $oRecSet.EOF
    ReDim Preserve $DC_List[$i]
    ; the second RDN is CN=<server>; drop the leading "CN=" to keep just the host name
    $DC_List[$i] = SubStr(Split($oRecSet.Fields('distinguishedName').Value,',')[1],4)
    $i = $i + 1
    $oRecSet.MoveNext
  Loop
EndFunction

Function EnumOUs($LDAP, optional $Filter)
  ; Recursively collect every OU at or below $LDAP that directly contains at least one
  ; object of class $Filter ('computer' by default, or 'user');
  ; returns the matching LDAP paths as a '|'-separated list
  dim $aFilter[0], $pos, $objOU, $i, $j, $item, $Name, $DN
  if $Filter <> 'user'
    $Filter = 'computer'
  endif
  $objOU = GetObject($LDAP)
  if VarTypeName($objOU)='Object'
    ; Does this container hold any $Filter objects itself?
    $aFilter[0] = $Filter
    $objOU.Filter = $aFilter
    for each $item in $objOU
      if $item.class = $Filter
        $i = $LDAP
      endif
    next
    ; Then descend into each child OU, building its path from this container's path
    $aFilter[0] = "organizationalUnit"
    $objOU.Filter = $aFilter
    for each $item in $objOU
      $Name = $item.Name
      $pos = instrrev($LDAP,"/")
      $DN = Left($LDAP,$pos) + $Name + ", " + substr($LDAP, $pos+1)
      $j = EnumOUs($DN, $Filter)
      if $j
        if $i
          $i = $i +"|"+ $j
        else
          $i = $j
        endif
      endif
    next
  else
    ; ? "GetObject COM error: " + @error + " " + @serror
    exit 1   ; inside a UDF, Exit leaves the function and sets @ERROR
  endif
  $EnumOUs = $i
Endfunction
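The same workflow as Radimus's two snippets above (credentialed bind from a workgroup PC, DC discovery via the nTDSDSA query, stale computer account removal, then rename and join), as an added PowerShell example that is not part of this thread. The DC host, domain name and target OU are caller-supplied placeholders, the DC is named explicitly because a serverless bind does not work from a workgroup machine, and the password is held only in memory and never echoed to the status output.

```powershell
# Added example (not from the thread): credentialed LDAP access and domain join
# from a workgroup PC. All parameter values are caller-supplied placeholders.
param(
    [Parameter(Mandatory)][string]$DcHost,        # FQDN of a reachable DC (no serverless bind from a workgroup)
    [Parameter(Mandatory)][string]$DomainName,    # e.g. example.com
    [Parameter(Mandatory)][string]$TargetOuDn,    # e.g. OU=Clients,DC=example,DC=com
    [Parameter(Mandatory)][string]$NewName,       # the name the PC gets after joining
    [Parameter(Mandatory)][pscredential]$Credential
)
# NetBIOS-length check; it also keeps the name safe to embed in the LDAP filter below
if ($NewName -notmatch '^[A-Za-z0-9-]{1,15}$') { throw "Invalid computer name: $NewName" }

$user = $Credential.UserName
$pass = $Credential.GetNetworkCredential().Password   # in memory only, never written to the log
$auth = [System.DirectoryServices.AuthenticationTypes]::Secure -bor
        [System.DirectoryServices.AuthenticationTypes]::Sealing
function Bind([string]$Path) { New-Object System.DirectoryServices.DirectoryEntry($Path, $user, $pass, $auth) }

# 1. Bind to RootDSE with explicit credentials: this is what makes the rest work
#    from a machine (and logon session) that is not a member of the domain.
$rootDse   = Bind "LDAP://$DcHost/RootDSE"
$defaultNc = $rootDse.Properties['defaultNamingContext'].Value
$configNc  = $rootDse.Properties['configurationNamingContext'].Value

# 2. List DCs the way the thread's DC_List() does: one nTDSDSA object per DC,
#    whose second RDN is CN=<server name>.
$cfg  = Bind "LDAP://$DcHost/$configNc"
$srch = New-Object System.DirectoryServices.DirectorySearcher($cfg, '(objectClass=nTDSDSA)', [string[]]@('distinguishedName'))
$dcs  = foreach ($r in $srch.FindAll()) {
    ($r.Properties['distinguishedname'][0] -split ',')[1] -replace '^CN=', ''
}
Write-Host "Domain controllers: $($dcs -join ', ')"

# 3. Delete a stale computer object with the same name anywhere in the domain
#    (a leftover account is what made the join in the thread fail).
$dom  = Bind "LDAP://$DcHost/$defaultNc"
$find = New-Object System.DirectoryServices.DirectorySearcher($dom, "(&(objectClass=computer)(sAMAccountName=$NewName`$))")
$old  = $find.FindOne()
if ($old) {
    Write-Host "Removing stale computer object $($old.Path)"
    $old.GetDirectoryEntry().DeleteTree()
} else {
    Write-Host "No existing computer object named $NewName"
}

# 4. Rename and join in one step; -Restart reboots like the thread's Shutdown() call.
Add-Computer -DomainName $DomainName -Credential $Credential -OUPath $TargetOuDn -NewName $NewName -Restart
```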