#179426 - 2007-08-17 01:04 PM
Create User accounts on standalone servers
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
Hi Guys,
I have been looking through previous posts and scripts etc for this but cant seem to get it to work. What I am trying to do is quite basic: I have a bunch of standalone servers, some Win2K some Win2K3, and from one of the boxes I want to run a script to create a new local admin on each box.
The closest I found on the forum was the following script but it was posted quite a while ago :
; UserFlag Constants....
; SCRIPT = &1
; ACCOUNTDISABLE = &2
; HOMEDIR_REQUIRED = &8
; LOCKOUT = &10
; PASSWD_NOTREQD = &20
; PASSWD_CANT_CHANGE = &40
; ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
; TEMP_DUPLICATE_ACCOUNT = &100
; NORMAL_ACCOUNT = &200
; INTERDOMAIN_TRUST_ACCOUNT = &800
; WORKSTATION_TRUST_ACCOUNT = &1000
; SERVER_TRUST_ACCOUNT = &2000
; DONT_EXPIRE_PASSWD = &10000
; MNS_LOGON_ACCOUNT = &20000
; SMARTCARD_REQUIRED = &40000
; TRUSTED_FOR_DELEGATION = &80000
; NOT_DELEGATED = &100000
; USE_DES_KEY_ONLY = &200000
; DONT_REQUIRE_PREAUTH = &400000
; PASSWORD_EXPIRED = &800000
; TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &1000000
; User to create
$UserName = "NEWUSER"
; Password to set for the user
$UserPass = "NEWUSER"
; Computername to create the account on
$TargetPC = "TARGETSERVER"
; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
; Create the user on the remote machine
$Create = $Object.Create("User",$UserName)
; Set the password for the user
$Create.SetPassword($UserPass)
; Disable the User Must Change Password at Next Logon flag (value 0 = off, 1 = on)
$Create.PasswordExpired = 0
$UserFlags = &40 + &10000 ; User cannot change pswd + pswd never expires
$Create.Put("UserFlags",$UserFlags)
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
; Apply changes currently in cache
$Create.SetInfo
Exit
When I run this, it just comes back to a prompt, as if it had worked, but no user is created. I realise that the mistake im making might be very simple as I am new to scripting, but if anyone can help me out I'd appreciate it.
Thanks,
Ronan.
|
Top
|
|
|
|
#179428 - 2007-08-17 01:21 PM
Re: Create User accounts on standalone servers
[Re: Björn]
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
yeah well the account im using is a local admin on the server im "launching" it from. but i even ran it with the RUNAS cmd window, which is how i usually run the scripts, and it still didnt make a difference. the script above is correct then?
|
Top
|
|
|
|
#179490 - 2007-08-21 10:17 AM
Re: Create User accounts on standalone servers
[Re: Shawn]
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
Thanks Shawn,
That returned me an error on the line, as follows:
COM exception error "SetInfo" ((null) - (null)) [-2147352567/80020009]
Any ideas?
Thanks in advance.
|
Top
|
|
|
|
#179492 - 2007-08-21 11:02 AM
Re: Create User accounts on standalone servers
[Re: Ronan_Condon]
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
ah i figured out the error above, it was to do with password not being complex enough. set it to a complex password, now getting
COM exception error "Add" ((null) - (null)) [-2147352567/80020009]
|
Top
|
|
|
|
#179493 - 2007-08-21 11:07 AM
Re: Create User accounts on standalone servers
[Re: Ronan_Condon]
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
the error is occurring on this section of code :-
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
its managing to create the user but not add it to the Administrators group
|
Top
|
|
|
|
#179494 - 2007-08-21 11:25 AM
Re: Create User accounts on standalone servers
[Re: Ronan_Condon]
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
so basically the following code is adding the user, with the password i set, but not adding to the group.
$= SetOption("WrapAtEol", "On")
; UserFlag Constants....
; SCRIPT = &1
; ACCOUNTDISABLE = &2
; HOMEDIR_REQUIRED = &8
; LOCKOUT = &10
; PASSWD_NOTREQD = &20
; PASSWD_CANT_CHANGE = &40
; ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
; TEMP_DUPLICATE_ACCOUNT = &100
; NORMAL_ACCOUNT = &200
; INTERDOMAIN_TRUST_ACCOUNT = &800
; WORKSTATION_TRUST_ACCOUNT = &1000
; SERVER_TRUST_ACCOUNT = &2000
; DONT_EXPIRE_PASSWD = &10000
; MNS_LOGON_ACCOUNT = &20000
; SMARTCARD_REQUIRED = &40000
; TRUSTED_FOR_DELEGATION = &80000
; NOT_DELEGATED = &100000
; USE_DES_KEY_ONLY = &200000
; DONT_REQUIRE_PREAUTH = &400000
; PASSWORD_EXPIRED = &800000
; TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &1000000
; User to create
$UserName = "USER"
; Password to set for the user
$UserPass = "COMPLEX"
; Computername to create the account on
$TargetPC = "SERVER"
; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
; Create the user on the remote machine
$Create = $Object.Create("User", $UserName)
; Set the password for the user
$Create.SetPassword($UserPass)
; Disable the User Must Change Password at Next Logon flag (value 0 = off, 1 = on)
$Create.PasswordExpired = 0
$UserFlags = &40 + &10000 ; User cannot change pswd + pswd never expires
$Create.Put("UserFlags",$UserFlags)
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
? "Error3 " + @SERROR
; Apply changes currently in cache
$Create.SetInfo
? "Error4 " + @SERROR
Exit
Then I found a VBS script for adding the users to a group, which is below:
DomainString = "SERVER"
UserString = "USER"
GroupString = "Administrators"
Set GroupObj = GetObject("WinNT://" & DomainString & "/" & GroupString)
GroupObj.Add ("WinNT://" & DomainString & "/" & UserString)
Set DomainObj = Nothing
Set GroupObj = Nothing
When I run the VBS after the kix, it adds the user to the group, so obviously I tried to integrate into my script, changing
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
to
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add("WinNT://"+$TargetPC+"/"+$Username)
I am still getting the error COM exception error "Add" ((null) - (null)) [-2147352567/80020009]
anyone any ideas? driving me nuts.
thanks.
|
Top
|
|
|
|
#179495 - 2007-08-21 11:34 AM
Re: Create User accounts on standalone servers
[Re: Ronan_Condon]
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
strange also.... i added ? $Create.ADSPATH to the code to see what it would print, but when i ran the script, and THEN just run it again, it DOES add the user to the group but gives a setinfo error. im lost...
OUTPUT:
C:\kix32>kix32 account.kix
WinNT://WORKGROUP/SERVER/USER
Error3 COM exception error "Add" ((null) - (null)) [-2147352567/80020009]
Error4 COM exception error "Add" ((null) - (null)) [-2147352567/80020009]
C:\kix32>kix32 account.kix
WinNT://WORKGROUP/SERVER/USER
Error3 The operation completed successfully.
Error4 COM exception error "SetInfo" ((null) - (null)) [-2147352567/80020009]
C:\kix32>
|
Top
|
|
|
|
#179497 - 2007-08-21 11:42 AM
Re: Create User accounts on standalone servers
[Re: Ronan_Condon]
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
aha. think i figured it out. I moved the group add part to after the setinfo and it worked. i think. hehe.
|
Top
|
|
|
|
#179501 - 2007-08-21 01:09 PM
Re: Create User accounts on standalone servers
[Re: Björn]
|
Ronan_Condon
Fresh Scripter
Registered: 2006-03-30
Posts: 18
|
yeah seems to be working fine after i put the group addition part after the setinfo. thanks anyway man.
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 507 anonymous users online.
|
|
|