#92266 - 2003-06-26 07:24 PM need to authenticate from workgroup
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I can convert this easily enough to Kix:

strComputer = "atl-pro-040"
Set objComputer = GetObject("LDAP://CN=" & strComputer & _
",CN=Computers,DC=fabrikam,DC=com")
objComputer.DeleteObject(0)

But I have to run this from a workgroup computer and need to authenticate first...

any ideas...
_________________________
How to ask questions the smart way <-----------> Before you ask

#92267 - 2003-06-26 07:43 PM Re: need to authenticate from workgroup
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
I know this works with the WinNT provider logged in with a local account but wkstn joined to target domain ... not sure about workgroup.

code:
$root = GetObject("WinNT:")
$domain = $root.OpenDSObject("WinNT://@LDOMAIN", "Administrator", "password" , 0)

Not sure if you can just replace WinNT with LDAP and have it work, worth a try ...

-Shawn

#92268 - 2003-06-26 07:48 PM Re: need to authenticate from workgroup
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Could you do a NET USE IPC$ USER PASSWORD thingy first?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#92269 - 2003-06-26 07:54 PM Re: need to authenticate from workgroup
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Or take a look at fnWMIAuthentication().
_________________________
There are two types of vessels, submarines and targets.

#92270 - 2003-06-26 08:00 PM Re: need to authenticate from workgroup
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
basically what I'm trying to do is remove/delete a computer account from the domain, if the Netdom thingy fails to renamecomputer.

the machine will not be a member of the domain at that time, but I will have the acct password of a domainadmin available
_________________________
How to ask questions the smart way <-----------> Before you ask

#92271 - 2003-06-26 10:19 PM Re: need to authenticate from workgroup
Richie19Rich77 Offline
Seasoned Scripter
*****

Registered: 2002-08-16
Posts: 624
Loc: London, England
I have this somewhere, just to get it right, you want to connect in AD using LDAP, but while the workstation or the logged on user is not part of the domain. ??

Ok here we go this should do, just modify the code to delete computer account rather than add it.

Would do it, but my hard drive of 2000 server has gone wrong, sorry

code:
; Set the login credential
$sUser = "Administrator"
$sPassword = "password"

; Set the domain controller and the proper context
$sDomain = "domaincontroller"
$sContainer = "OU=Clients"

; Connect to ADS with the provided login credential
; (last argument 1 = ADS_SECURE_AUTHENTICATION)
$oProvider = GetObject("LDAP:")
$rootDSE = $oProvider.OpenDSObject("LDAP://" + $sDomain + "/RootDSE", $sUser, $sPassword, 1)

; Collect the proper path, and get the OU where the machine should be created
$sPath = "LDAP://" + $sDomain + "/" + $sContainer + ","
$sPath = $sPath + $rootDSE.Get("defaultNamingContext")
$MyOU = $oProvider.OpenDSObject($sPath, $sUser, $sPassword, 1)

IF NOT $MyOU = 0
    $MachineObj = $MyOU.Create("computer", "CN=NewPC")
    IF NOT $MachineObj = 0

        ; Set mandatory properties and save object
        $MachineObj.samAccountName = "NewPC"
        $MachineObj.SetInfo

        ; Activate the computer account
        $MachineObj.AccountDisabled = False
        $MachineObj.SetInfo

        ? @ERROR
        ?
        ? @SERROR
    ELSE
        ? @ERROR
        ?
        ? @SERROR
    ENDIF

ELSE
    ? @ERROR
    ?
    ? @SERROR
ENDIF




[ 26. June 2003, 22:46: Message edited by: Richard Farthing ]

#92272 - 2005-09-07 02:16 PM Re: need to authenticate from workgroup
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
OK.. Time to resurrect this thread :-)

This adds a new computer object to a domain, but doesn't actually join the domain. So beyond adding the name to AD (and enabling the machine account), what function does it do?

Is there a way to detect a value for $sDomain, without hardcoding it?

This is for updating an old kixforms project of mine to add freshly imaged (workgroup) PCs to the domain.

It currently works fine adding the PC, if the account doesn't already exist. If it does exist it returns an error until the old machine account is manually deleted.

I also have it hardcoded to my domain, but I'd like to make it available to all, so I'd like it to be able to detect the domain controller and then to detect all the computer OUs.

I suppose being able to delete the old computer account wouldn't require scanning AD to find the OU??
_________________________
How to ask questions the smart way <-----------> Before you ask

#92273 - 2005-09-07 02:24 PM Re: need to authenticate from workgroup
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I'm currently doing this:

Code:

...
$objLocator = CreateObject('WbemScripting.SWbemLocator')
$objWBEM=$objLocator.ConnectServer($DC,'root\CIMV2',$DomainBox.text+'\'+$AdminBox.text,$PasswordBox.text)
...
$newName = $ComputerBox.text
$domain = $DomainBox.text
$password = $PasswordBox.text
$user = $AdminBox.text
$OU = $OUCombo.text
; 1 = join domain, 2 = create the computer account, 32 = join even if already joined
$JOINType = 1 + 2 + 32

Status("Joining")
$objNetwork = CreateObject("WScript.Network")
if not @error
    $strComputer = $objNetwork.ComputerName
    $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\"+$strComputer+"\root\cimv2:Win32_ComputerSystem.Name='"+$strComputer+"'")
    $ReturnValue = $objComputer.JoinDomainOrWorkGroup($Domain, $password, $Domain+"\"+$user, $OU, $JOINtype)
    If $ReturnValue
        Status("Failed joining "+@wksta+" to "+$domain)
        Status($ReturnValue)
        return
    EndIf
    sleep 20

    Status("Renaming")
    $objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" + $strComputer + "\root\cimv2")
    $colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
    For Each $objComputer in $colComputers
        $err = $objComputer.Rename($NewName, $password, $Domain + "\" + $user)
        If $err
            Status("Failed Renaming "+@wksta+" to "+$NewName)
            Status($err)
        endif
    Next
...

_________________________
How to ask questions the smart way <-----------> Before you ask

#92274 - 2005-09-12 04:56 PM Re: need to authenticate from workgroup
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
here is the latest and greatest, there are still a few details to work out and some such, but it is good enough for a beta.

I use this to join newly imaged PCs to the domain (machines are imaged to join workgroup, so they need to be renamed and joined prior to use). User is also added to local admin.

Code:



Break On
$System = CreateObject("Kixtart.System")

;KD START

;************* Form **************
$Form = $System.Form()
$Form.BackColor = 212,208,200
$Form.Height = 346
$Form.Left = 5
$Form.MaximizeBox = "False"
$Form.MinimizeBox = "False"
$Form.Text = "JoinDomain"
$Form.Top = 22
$Form.Width = 510
;**************************************

;************* Label1 **************
$Label1 = $Form.Controls.Label("Computer Name", 15, 120, 96, 22)
;**************************************

;************* Label5 **************
$Label5 = $Form.Controls.Label("Accounts to Add", 15, 180, 100, 23)
;**************************************

;************* Label6 **************
$Label6 = $Form.Controls.Label("Add to which OU", 15, 150, 100, 23)
;**************************************

;************* ComputerBox **************
$ComputerBox = $Form.Controls.TextBox("@wksta", 135, 120, 355, 20)
;**************************************

;************* OUCombo **************
$OUCombo = $Form.Controls.ComboBox("", 135, 150, 355, 21)
$OUCombo.DropDownWidth = 355
$OUCombo.Sorted = "True"
;**************************************

;************* AccountsBox **************
$AccountsBox = $Form.Controls.TextBox("", 135, 180, 355, 20)
;**************************************

;************* StartButton **************
$StartButton = $Form.Controls.Button("Start", 15, 225, 95, 82)
$StartButton.OnClick = "StartClick()"
;**************************************

;************* StatusBox **************
$StatusBox = $Form.Controls.ListBox("ListBox1", 135, 225, 355, 82)
;**************************************

;************* DomainGroup **************
$DomainGroup = $Form.Controls.GroupBox("Connect to Domain", 15, 15, 472, 79)
;**************************************

;************* Label7 **************
$Label7 = $DomainGroup.Controls.Label("Domain", 15, 20, 98, 18)
;**************************************

;************* Label8 **************
$Label8 = $DomainGroup.Controls.Label("Domain Account", 135, 20, 99, 15)
;**************************************

;************* Label9 **************
$Label9 = $DomainGroup.Controls.Label("Domain Password", 255, 20, 98, 16)
;**************************************

;************* DomainBox **************
$DomainBox = $DomainGroup.Controls.TextBox("", 15, 45, 100, 20)
;**************************************

;************* AdminBox **************
$AdminBox = $DomainGroup.Controls.TextBox("", 135, 45, 100, 20)
;**************************************

;************* PasswordBox **************
$PasswordBox = $DomainGroup.Controls.TextBox("", 255, 45, 100, 20)
$PasswordBox.PasswordChar = "*"
;**************************************

;************* ConnectButton **************
$ConnectButton = $DomainGroup.Controls.Button("Connect", 375, 20, 85, 18)
$ConnectButton.OnClick = "VerifyDomain()"
;**************************************

;************* ConnectStatusBox **************
$ConnectStatusBox = $DomainGroup.Controls.TextBox("", 375, 45, 83, 20)
$ConnectStatusBox.BorderStyle = 1
$ConnectStatusBox.ReadOnly = "True"
$ConnectStatusBox.TextAlign = 2
;**************************************


;KD END

$DC = DC_List()
$DomainBox.Text = @domain
$AdminBox.Text = ""
$PasswordBox.Text = ""
$OUCombo.Enabled = "False"
$StartButton.Enabled = "False"
$AccountsBox.Enabled = "False"
$ComputerBox.Enabled = "False"


$Form.Show
While $Form.Visible
    $=Execute($Form.DoEvents())
Loop
Exit 1


Function VerifyDomain
    $ConnectStatusBox.Text = "Connecting"
    $oProvider = GetObject("LDAP:")
    $loop = 0
    ; Try each domain controller in turn until one accepts the bind
    ; (last argument 1 = ADS_SECURE_AUTHENTICATION)
    do
        Status("testing connection to "+ $dc[$loop])
        $rootDSE = $oProvider.OpenDSObject("LDAP://" + $DC[$loop] + "/RootDSE", $DomainBox.text+'\'+$AdminBox.Text, $PasswordBox.Text, 1)
        $loop = $loop +1
    ; Stop only after the last DC in the list has been tried
    until $rootDSE or $loop > ubound($dc)

    if $rootDSE
        $ldap = "LDAP://" + $DomainBox.text + "/" + $rootDSE.Get("defaultNamingContext")
        $goodDC = $DC[$loop-1]
        $ConnectStatusBox.Text = "Connected"
        status("Connected to "+$goodDC)
        Status("Collecting Computer OUs")
        $computerOUs = EnumOUs($ldap)
        for each $item in split($computerOUs,'|')
            $OUCombo.additem(substr($item,instr($item,'ou')))
        next
        Status("Computer OUs ready for selection")
        $AccountsBox.Text = 'Domain Admins, dcsa staff'
        $ConnectButton.Enabled = "False"
        $AdminBox.Enabled = "False"
        $PasswordBox.Enabled = "False"
        $DomainBox.Enabled = "False"
        $OUCombo.Enabled = "True"
        $StartButton.Enabled = "True"
        $AccountsBox.Enabled = "True"
        $ComputerBox.Enabled = "True"
        $ComputerBox.Setfocus
    else
        Status(@serror)
        Status("Failed connecting to domain controller")
        ; Show only the account that was tried; the password is not echoed to the status box
        Status($DomainBox.text+'\'+$AdminBox.text)
        $ConnectStatusBox.Text = "Not Connected"
    endif
Endfunction


Function StartClick
    $newName = $ComputerBox.text
    $domain = $DomainBox.text
    $password = $PasswordBox.text
    $user = $AdminBox.text
    $OU = $OUCombo.text
    ; 1 = join domain, 2 = create the computer account, 32 = join even if already joined
    $JOINType = 1 + 2 + 32
    $ConnectButton.enabled = 'false'

    $AccountsBox.Text = $AccountsBox.Text + ', '+ split(split($newName,'-')[0],'_')[0]

    Status("Joining")

    ; Connect to ADS with the provided login credential
    $oProvider = GetObject("LDAP:")
    $rootDSE = $oProvider.OpenDSObject("LDAP://" + $Domain + "/RootDSE", $User, $Password, 1)

    $sPath = "LDAP://" + $Domain + "/" + $OU
    $MyOU = $oProvider.OpenDSObject($sPath, $User, $Password, 1)

    ; Remove any previous computer account of the same name from the selected OU
    IF $MyOU
        $MachineObj = $MyOU.Delete("computer", "CN="+$newName)
        $deltext = IIf($MachineObj,'Previous '+$newName+' PC account to be removed','No previous PC account to remove')
        Status($deltext)
        Status($MachineObj)
    endif

    $objNetwork = CreateObject("WScript.Network")
    if not @error
        $strComputer = $objNetwork.ComputerName
        $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\"+$strComputer+"\root\cimv2:Win32_ComputerSystem.Name='"+$strComputer+"'")
        $ReturnValue = $objComputer.JoinDomainOrWorkGroup($Domain, $password, $Domain+"\"+$user, $OU, $JOINtype)
        If $ReturnValue
            Status("Failed joining "+@wksta+" to "+$domain)
            Status($ReturnValue)
            return
        EndIf
        sleep 20

        Status("Renaming")
        $objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" + $strComputer + "\root\cimv2")
        $colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
        For Each $objComputer in $colComputers
            $err = $objComputer.Rename($NewName, $password, $Domain + "\" + $user)
            If $err
                Status("Failed Renaming "+@wksta+" to "+$NewName)
                Status($err)
            endif
        Next

        ; Add the listed domain accounts to the local Administrators group
        For Each $name In split($AccountsBox.text,',')
            $name=trim($name)
            Status("Adding User "+$name)
            if not $name="Domain Admins"
                $objGroup = GetObject('WinNT://' + @wksta + '/' + 'Administrators')
                $objGroup.Add ('WinNT://'+ $domain + '/' + $name)
                if @error
                    Status(@serror +' error adding '+$name)
                EndIF
            endif
        Next
        Status("Complete - Restart PC")
        $rc = Shutdown("", "System is being rebooted to Join Domain.", 10, 0, 1)
        Quit
    endif
endFunction


FUNCTION Status($text)
    $StatusBox.additem($text)
    $StatusBox.listindex=$StatusBox.listcount-1
EndFunction


Function DC_List()
    Dim $DomDC,$oConn,$oCmd,$i,$oRecSet

    $DomDC = GetObject('LDAP://rootDSE').Get('defaultNamingContext') ; Get distinguished name of domain

    $oConn = CreateObject('ADODB.Connection')
    $oConn.Provider = 'ADsDSOObject'
    $oConn.Open('Active Directory Provider')

    ; nTDSDSA objects in the Configuration partition identify the domain controllers
    $oCmd = CreateObject('ADODB.Command')
    $oCmd.ActiveConnection = $oConn
    $oCmd.CommandText = "Select distinguishedName from 'LDAP://cn=Configuration," + $DomDC + "' where objectClass='nTDSDSA'"

    $oRecSet = $oCmd.Execute
    $oRecSet.MoveFirst

    While Not $oRecSet.EOF
        ReDim Preserve $DC_List[$i]
        $DC_List[$i] = SubStr(Split($oRecSet.Fields('distinguishedName').Value,',')[1],4)
        $i = $i + 1
        $oRecSet.MoveNext
    Loop
EndFunction

Function EnumOUs($LDAP, optional $Filter)
    dim $aFilter[0], $pos, $objOU, $i, $j
    if $Filter <> 'user'
        $Filter = 'computer'
    endif
    $objOU = GetObject($LDAP)
    if VarTypeName($objOU)='Object'
        ; Keep this container if it directly holds objects of the wanted class
        $aFilter[0] = $Filter
        $objOU.Filter = $aFilter
        for each $item in $objOU
            if $item.class = $Filter
                $i = $LDAP
            endif
        next
        ; Recurse into child OUs and join the results with '|'
        $aFilter[0] = "organizationalUnit"
        $objOU.Filter = $aFilter
        for each $item in $objOU
            $Name = $item.Name
            $pos = instrrev($LDAP,"/")
            $DN = Left($LDAP,$pos) + $Name + ", " + substr($LDAP, $pos+1)
            $j = EnumOUs($DN, $Filter)
            if $j
                if $i
                    $i = $i +"|"+ $j
                else
                    $i = $j
                endif
            endif
        next
    else
        ; ? "GetObject COM error: " + @error + " " + @serror
        exit 1
    endif
    $EnumOUs = $i
Endfunction


_________________________
How to ask questions the smart way <-----------> Before you ask
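
Added example, not code from any poster in this thread: the lookup-and-delete step discussed above, done from a workgroup machine in PowerShell with System.DirectoryServices instead of KiXtart. It binds with explicit credentials over a signed and sealed session, finds the old account by sAMAccountName so the OU does not have to be known, and escapes the typed-in name before it reaches the LDAP filter. The function names and dc01.example.test are assumptions.

```powershell
# Added example; the function names and dc01.example.test are hypothetical.
Add-Type -AssemblyName System.DirectoryServices

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping, backslash first, so a typed-in name cannot change the filter.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

function Remove-StaleComputerAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # Secure is the same bit as ADSI flag 1 (ADS_SECURE_AUTHENTICATION);
    # Signing and Sealing add integrity and encryption to the session.
    $auth = [System.DirectoryServices.AuthenticationTypes]'Secure, Signing, Sealing'
    $user = $Credential.UserName
    $pass = $Credential.GetNetworkCredential().Password

    $rootDse = [System.DirectoryServices.DirectoryEntry]::new(
        "LDAP://$Server/RootDSE", $user, $pass, $auth)
    $baseDn = [string]$rootDse.Properties['defaultNamingContext'].Value
    $root = [System.DirectoryServices.DirectoryEntry]::new(
        "LDAP://$Server/$baseDn", $user, $pass, $auth)
    try {
        # Search the whole domain by sAMAccountName (computer accounts end in '$'),
        # so the OU that holds the old account does not have to be known.
        $name = ConvertTo-LdapFilterValue $ComputerName
        $searcher = [System.DirectoryServices.DirectorySearcher]::new($root)
        $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$name`$))"
        $hit = $searcher.FindOne()
        if (-not $hit) { return $false }

        $entry = $hit.GetDirectoryEntry()   # inherits the credentials of $root
        $dn = [string]$entry.Properties['distinguishedName'].Value
        if ($PSCmdlet.ShouldProcess($dn, 'Delete computer account')) {
            $entry.DeleteTree()             # removes the object and any child objects
            return $true
        }
        return $false
    }
    finally { $root.Dispose(); $rootDse.Dispose() }
}

# Prompt for the password instead of storing it in the script; -WhatIf only shows the target.
# Remove-StaleComputerAccount -Server dc01.example.test -ComputerName NEWPC -Credential (Get-Credential) -WhatIf
```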
