#92266 - 2003-06-26 07:24 PM
need to authenticate from workgroup
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I can convert this easily enough to Kix:
code:
strComputer = "atl-pro-040"
Set objComputer = GetObject("LDAP://CN=" & strComputer & _
    ",CN=Computers,DC=fabrikam,DC=com")
objComputer.DeleteObject(0)
But I have to run this from a workgroup computer and need to authenticate first...
any ideas...
#92267 - 2003-06-26 07:43 PM
Re: need to authenticate from workgroup
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
I know this works with the WinNT provider logged in with a local account but wkstn joined to target domain ... not sure about workgroup.
code:
$root = GetObject("WinNT:")
$domain = $root.OpenDSObject("WinNT://@LDOMAIN", "Administrator", "password", 0)
Not sure if you can just replace WinNT with LDAP and have it work, worth a try ...
-Shawn
#92270 - 2003-06-26 08:00 PM
Re: need to authenticate from workgroup
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
Basically what I'm trying to do is remove/delete a computer account from the domain if the Netdom thingy fails to renamecomputer.
The machine will not be a member of the domain at that time, but I will have the account password of a domain admin available.
#92271 - 2003-06-26 10:19 PM
Re: need to authenticate from workgroup
Richie19Rich77
Seasoned Scripter
Registered: 2002-08-16
Posts: 624
Loc: London, England
I have this somewhere. Just to get it right: you want to connect to AD using LDAP while the workstation or the logged-on user is not part of the domain??
OK, here we go. This should do; just modify the code to delete the computer account rather than add it.
I would do it, but my hard drive of 2000 server has gone wrong, sorry.
code:
; Set the login credential
$sUser = "Administrator"
$sPassword = "password"

; Set the domain controller and the proper context
$sDomain = "domaincontroller"
$sContainer = "OU=Clients"

; Connect to ADS with the provided login credential
; (last argument 1 = ADS_SECURE_AUTHENTICATION: Kerberos/NTLM bind instead of a simple bind)
$oProvider = GetObject("LDAP:")
$rootDSE = $oProvider.OpenDSObject("LDAP://" + $sDomain + "/RootDSE", $sUser, $sPassword, 1)

; Collect the proper path, and get the OU where the machine should be created
$sPath = "LDAP://" + $sDomain + "/" + $sContainer + ","
$sPath = $sPath + $rootDSE.Get("defaultNamingContext")
$MyOU = $oProvider.OpenDSObject($sPath, $sUser, $sPassword, 1)

IF NOT $MyOU = 0
  $MachineObj = $MyOU.Create("computer", "CN=NewPC")
  IF NOT $MachineObj = 0
    ; Set mandatory properties and save object
    ; (note: the sAMAccountName of a machine account normally carries a trailing $)
    $MachineObj.samAccountName = "NewPC"
    $MachineObj.SetInfo
    ; Activate the computer account (KiXtart has no boolean literals, so 0 = not disabled)
    $MachineObj.AccountDisabled = 0
    $MachineObj.SetInfo
    ? @ERROR ? ? @SERROR
  ELSE
    ? @ERROR ? ? @SERROR
  ENDIF
ELSE
  ? @ERROR ? ? @SERROR
ENDIF
#92272 - 2005-09-07 02:16 PM
Re: need to authenticate from workgroup
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
OK.. Time to resurrect this thread :-)
This adds a new computer object to a domain, but doesn't actually join the domain. So beyond adding the name to AD (and enabling the machine account), what function does it do?
Is there a way to detect a value for $sDomain, without hardcoding it?
This is for updating an old kixforms project of mine to add freshly imaged (workgroup) PCs to the domain.
It currently works fine adding the PC, if the account doesn't already exist. If it does exist it returns an error until the old machine account is manually deleted.
I also have it hardcoded to my domain, but I'd like to make it available to all, so I'd like it to be able to detect the domain controller and then to detect all the computer OUs.
I suppose being able to delete the old computer account wouldn't require scanning AD to find the OU??
#92273 - 2005-09-07 02:24 PM
Re: need to authenticate from workgroup
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I'm currently doing this:
Code:
...
$objLocator = CreateObject('WbemScripting.SWbemLocator')
$objWBEM = $objLocator.ConnectServer($DC, 'root\CIMV2', $DomainBox.text + '\' + $AdminBox.text, $PasswordBox.text)
...
$newName = $ComputerBox.text
$domain = $DomainBox.text
$password = $PasswordBox.text
$user = $AdminBox.text
$OU = $OUCombo.text
; NETSETUP_JOIN_DOMAIN (1) + NETSETUP_ACCT_CREATE (2) + NETSETUP_DOMAIN_JOIN_IF_JOINED (32)
$JOINType = 1 + 2 + 32

Status("Joining")
$objNetwork = CreateObject("WScript.Network")
if not @error
  $strComputer = $objNetwork.ComputerName
  $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" + $strComputer + "\root\cimv2:Win32_ComputerSystem.Name='" + $strComputer + "'")
  $ReturnValue = $objComputer.JoinDomainOrWorkGroup($Domain, $password, $Domain + "\" + $user, $OU, $JOINtype)
  If $ReturnValue
    Status("Failed joining " + @wksta + " to " + $domain)
    Status($ReturnValue)
    return
  EndIf
  sleep 20

  Status("Renaming")
  $objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" + $strComputer + "\root\cimv2")
  $colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
  For Each $objComputer in $colComputers
    $err = $objComputer.Rename($NewName, $password, $Domain + "\" + $user)
    If $err
      Status("Failed Renaming " + @wksta + " to " + $NewName)
      Status($err)
    endif
  Next
...
#92274 - 2005-09-12 04:56 PM
Re: need to authenticate from workgroup
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
Here is the latest and greatest. There are still a few details to work out and some such, but it is good enough for a beta.
I use this to join newly imaged PCs to the domain (machines are imaged to join a workgroup, so they need to be renamed and joined prior to use). The user is also added to local admin.
Code:
Break On
$System = CreateObject("Kixtart.System")

;KD START
;************* Form **************
$Form = $System.Form()
$Form.BackColor = 212,208,200
$Form.Height = 346
$Form.Left = 5
$Form.MaximizeBox = "False"
$Form.MinimizeBox = "False"
$Form.Text = "JoinDomain"
$Form.Top = 22
$Form.Width = 510
;**************************************
;************* Label1 **************
$Label1 = $Form.Controls.Label("Computer Name", 15, 120, 96, 22)
;**************************************
;************* Label5 **************
$Label5 = $Form.Controls.Label("Accounts to Add", 15, 180, 100, 23)
;**************************************
;************* Label6 **************
$Label6 = $Form.Controls.Label("Add to which OU", 15, 150, 100, 23)
;**************************************
;************* ComputerBox **************
$ComputerBox = $Form.Controls.TextBox("@wksta", 135, 120, 355, 20)
;**************************************
;************* OUCombo **************
$OUCombo = $Form.Controls.ComboBox("", 135, 150, 355, 21)
$OUCombo.DropDownWidth = 355
$OUCombo.Sorted = "True"
;**************************************
;************* AccountsBox **************
$AccountsBox = $Form.Controls.TextBox("", 135, 180, 355, 20)
;**************************************
;************* StartButton **************
$StartButton = $Form.Controls.Button("Start", 15, 225, 95, 82)
$StartButton.OnClick = "StartClick()"
;**************************************
;************* StatusBox **************
$StatusBox = $Form.Controls.ListBox("ListBox1", 135, 225, 355, 82)
;**************************************
;************* DomainGroup **************
$DomainGroup = $Form.Controls.GroupBox("Connect to Domain", 15, 15, 472, 79)
;**************************************
;************* Label7 **************
$Label7 = $DomainGroup.Controls.Label("Domain", 15, 20, 98, 18)
;**************************************
;************* Label8 **************
$Label8 = $DomainGroup.Controls.Label("Domain Account", 135, 20, 99, 15)
;**************************************
;************* Label9 **************
$Label9 = $DomainGroup.Controls.Label("Domain Password", 255, 20, 98, 16)
;**************************************
;************* DomainBox **************
$DomainBox = $DomainGroup.Controls.TextBox("", 15, 45, 100, 20)
;**************************************
;************* AdminBox **************
$AdminBox = $DomainGroup.Controls.TextBox("", 135, 45, 100, 20)
;**************************************
;************* PasswordBox **************
$PasswordBox = $DomainGroup.Controls.TextBox("", 255, 45, 100, 20)
$PasswordBox.PasswordChar = "*"
;**************************************
;************* ConnectButton **************
$ConnectButton = $DomainGroup.Controls.Button("Connect", 375, 20, 85, 18)
$ConnectButton.OnClick = "VerifyDomain()"
;**************************************
;************* ConnectStatusBox **************
$ConnectStatusBox = $DomainGroup.Controls.TextBox("", 375, 45, 83, 20)
$ConnectStatusBox.BorderStyle = 1
$ConnectStatusBox.ReadOnly = "True"
$ConnectStatusBox.TextAlign = 2
;**************************************
;KD END

$DC = DC_List()
$DomainBox.Text = @domain
$AdminBox.Text = ""
$PasswordBox.Text = ""
$OUCombo.Enabled = "False"
$StartButton.Enabled = "False"
$AccountsBox.Enabled = "False"
$ComputerBox.Enabled = "False"

$Form.Show
While $Form.Visible
  $=Execute($Form.DoEvents())
Loop
Exit 1

Function VerifyDomain
  $ConnectStatusBox.Text = "Connecting"
  $oProvider = GetObject("LDAP:")
  $loop = 0
  ; Try each DC in turn with the supplied credentials (1 = ADS_SECURE_AUTHENTICATION)
  do
    Status("testing connection to " + $dc[$loop])
    $rootDSE = $oProvider.OpenDSObject("LDAP://" + $DC[$loop] + "/RootDSE", $DomainBox.text + '\' + $AdminBox.Text, $PasswordBox.Text, 1)
    $loop = $loop + 1
  until $rootDSE or $loop > ubound($dc)   ; was "= ubound($dc)", which never tried the last DC in the list
  if $rootDSE
    $ldap = "LDAP://" + $DomainBox.text + "/" + $rootDSE.Get("defaultNamingContext")
    $goodDC = $DC[$loop-1]
    $ConnectStatusBox.Text = "Connected"
    status("Connected to " + $goodDC)
    Status("Collecting Computer OUs")
    $computerOUs = EnumOUs($ldap)
    for each $item in split($computerOUs, '|')
      $OUCombo.additem(substr($item, instr($item, 'ou')))
    next
    Status("Computer OUs ready for selection")
    $AccountsBox.Text = 'Domain Admins, dcsa staff'
    $ConnectButton.Enabled = "False"
    $AdminBox.Enabled = "False"
    $PasswordBox.Enabled = "False"
    $DomainBox.Enabled = "False"
    $OUCombo.Enabled = "True"
    $StartButton.Enabled = "True"
    $AccountsBox.Enabled = "True"
    $ComputerBox.Enabled = "True"
    $ComputerBox.Setfocus
  else
    Status(@serror)
    Status("Failed connecting to domain controller")
    ; Debug aid only: this echoes the typed password into the status list
    Status($AdminBox.text + ' ' + $PasswordBox.text)
    $ConnectStatusBox.Text = "Not Connected"
  endif
Endfunction

Function StartClick
  $newName = $ComputerBox.text
  $domain = $DomainBox.text
  $password = $PasswordBox.text
  $user = $AdminBox.text
  $OU = $OUCombo.text
  ; NETSETUP_JOIN_DOMAIN (1) + NETSETUP_ACCT_CREATE (2) + NETSETUP_DOMAIN_JOIN_IF_JOINED (32)
  $JOINType = 1 + 2 + 32
  $ConnectButton.enabled = 'false'

  ; Add the site/department prefix of the new name to the list of accounts to make local admin
  $AccountsBox.Text = $AccountsBox.Text + ', ' + split(split($newName, '-')[0], '_')[0]

  Status("Joining")

  ; Connect to ADS with the provided login credential
  $oProvider = GetObject("LDAP:")
  $rootDSE = $oProvider.OpenDSObject("LDAP://" + $Domain + "/RootDSE", $User, $Password, 1)

  ; Remove any stale computer account of the same name from the chosen OU before joining
  $sPath = "LDAP://" + $Domain + "/" + $OU
  $MyOU = $oProvider.OpenDSObject($sPath, $User, $Password, 1)
  IF $MyOU
    $MachineObj = $MyOU.Delete("computer", "CN=" + $newName)
    $deltext = IIf($MachineObj, 'Previous ' + $newName + ' PC account to be removed', 'No previous PC account to remove')
    Status($deltext)
    Status($MachineObj)
  endif

  $objNetwork = CreateObject("WScript.Network")
  if not @error
    $strComputer = $objNetwork.ComputerName
    $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" + $strComputer + "\root\cimv2:Win32_ComputerSystem.Name='" + $strComputer + "'")
    $ReturnValue = $objComputer.JoinDomainOrWorkGroup($Domain, $password, $Domain + "\" + $user, $OU, $JOINtype)
    If $ReturnValue
      Status("Failed joining " + @wksta + " to " + $domain)
      Status($ReturnValue)
      return
    EndIf
    sleep 20

    Status("Renaming")
    $objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" + $strComputer + "\root\cimv2")
    $colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
    For Each $objComputer in $colComputers
      $err = $objComputer.Rename($NewName, $password, $Domain + "\" + $user)
      If $err
        Status("Failed Renaming " + @wksta + " to " + $NewName)
        Status($err)
      endif
    Next

    ; Add the listed domain accounts/groups to the local Administrators group
    For Each $name In split($AccountsBox.text, ',')
      $name = trim($name)
      Status("Adding User " + $name)
      if not $name = "Domain Admins"
        $objGroup = GetObject('WinNT://' + @wksta + '/' + 'Administrators')
        $objGroup.Add('WinNT://' + $domain + '/' + $name)
        if @error
          Status(@serror + ' error adding ' + $name)
        EndIF
      endif
    Next
    Status("Complete - Restart PC")
    $rc = Shutdown("", "System is being rebooted to Join Domain.", 10, 0, 1)
    Quit
  endif
endFunction

FUNCTION Status($text)
  $StatusBox.additem($text)
  $StatusBox.listindex = $StatusBox.listcount - 1
EndFunction

Function DC_List()
  Dim $DomDC, $oConn, $oCmd, $i, $oRecSet
  $i = 0
  ; Serverless bind: relies on this machine being able to locate a DC through DNS/DC locator
  $DomDC = GetObject('LDAP://rootDSE').Get('defaultNamingContext')   ; distinguished name of the domain
  $oConn = CreateObject('ADODB.Connection')
  $oConn.Provider = 'ADsDSOObject'
  $oConn.Open('Active Directory Provider')
  $oCmd = CreateObject('ADODB.Command')
  $oCmd.ActiveConnection = $oConn
  ; Every nTDSDSA object is the "NTDS Settings" of one DC; its parent object is the server
  $oCmd.CommandText = "Select distinguishedName from 'LDAP://cn=Configuration," + $DomDC + "' where objectClass='nTDSDSA'"
  $oRecSet = $oCmd.Execute
  $oRecSet.MoveFirst
  While Not $oRecSet.EOF
    ReDim Preserve $DC_List[$i]
    ; second RDN of "CN=NTDS Settings,CN=<server>,..." with the leading "CN=" stripped
    $DC_List[$i] = SubStr(Split($oRecSet.Fields('distinguishedName').Value, ',')[1], 4)
    $i = $i + 1
    $oRecSet.MoveNext
  Loop
EndFunction

Function EnumOUs($LDAP, optional $Filter)
  dim $aFilter[0], $pos, $objOU, $i, $j, $Name, $DN
  if $Filter <> 'user'
    $Filter = 'computer'
  endif
  $objOU = GetObject($LDAP)
  if VarTypeName($objOU) = 'Object'
    ; Remember this container if it holds at least one object of the wanted class
    $aFilter[0] = $Filter
    $objOU.Filter = $aFilter
    for each $item in $objOU
      if $item.class = $Filter
        $i = $LDAP
      endif
    next
    ; Recurse into child OUs and collect their paths, '|'-separated
    $aFilter[0] = "organizationalUnit"
    $objOU.Filter = $aFilter
    for each $item in $objOU
      $Name = $item.Name
      $pos = instrrev($LDAP, "/")
      $DN = Left($LDAP, $pos) + $Name + ", " + substr($LDAP, $pos + 1)
      $j = EnumOUs($DN, $Filter)
      if $j
        if $i
          $i = $i + "|" + $j
        else
          $i = $j
        endif
      endif
    next
  else
    ; ? "GetObject COM error: " + @error + " " + @serror
    exit 1
  endif
  $EnumOUs = $i
Endfunction
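The same problem the thread keeps circling (bind to AD from a machine that is not domain-joined, then get rid of a stale computer account whose OU you do not know) done in PowerShell with the ADSI classes; this is an added example, not code from the thread or from Radimus's script. The DC name, the account and the computer name are parameters you supply; the password is prompted for rather than stored in the script.

```powershell
# Added example: explicit-credential LDAP bind from a workgroup host, then find and
# remove a computer account by sAMAccountName. DC, user and computer name are assumed
# inputs; nothing here is hard-coded to a particular domain.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$DomainController,   # FQDN of a DC, e.g. dc01.example.com
    [Parameter(Mandatory)][string]$ComputerName,       # account to remove, without the trailing $
    [Parameter(Mandatory)][string]$UserName            # DOMAIN\user allowed to delete the object
)
Add-Type -AssemblyName System.DirectoryServices

# Prompt instead of embedding the password in the script; free the BSTR copy afterwards.
$secure = Read-Host -Prompt "Password for $UserName" -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# Secure = Kerberos/NTLM bind rather than a simple (cleartext) bind; Sealing = encrypted session.
# A workgroup host cannot use a serverless path (LDAP://RootDSE), so the DC is named explicitly.
$auth = [System.DirectoryServices.AuthenticationTypes]::Secure -bor
        [System.DirectoryServices.AuthenticationTypes]::Sealing

$rootDse   = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList "LDAP://$DomainController/RootDSE", $UserName, $plain, $auth
$defaultNC = $rootDse.Properties['defaultNamingContext'].Value

# Search the whole domain by sAMAccountName, so the OU holding the account need not be known.
$domainRoot = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList "LDAP://$DomainController/$defaultNC", $UserName, $plain, $auth
$searcher   = New-Object System.DirectoryServices.DirectorySearcher($domainRoot)
$searcher.Filter      = "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
$searcher.SearchScope = 'Subtree'
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
$result = $searcher.FindOne()
$plain  = $null

if (-not $result) {
    Write-Host "No computer account named $ComputerName exists in $defaultNC"
    return
}
$dn = $result.Properties['distinguishedname'][0]

# -WhatIf shows what would be deleted; -Confirm asks first.
if ($PSCmdlet.ShouldProcess($dn, 'Delete computer account')) {
    $entry = $result.GetDirectoryEntry()   # inherits the credentials of the search root
    $entry.DeleteTree()
    $entry.Dispose()
    Write-Host "Deleted $dn"
}
```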