利用VBS脚本自动创建计算机帐户的代码
作者 佚名
来源 ASP编程
浏览
发布时间 2013-07-09
mcse注:其实这是按照ADSI(ActiveDirectoryServicesInterface:活动目录服务接口)写的程序。如果你安装了resourcekit,这段代码可以用netcom这条命令进行工作,下面是netcom的一个例子: NETDOM/Domain:MYDOMAIN/user:adminuser/password:apasswordMEMBERMYCOMPUTER/ADD 复制代码 代码如下: *********************** ''*StartScript ''*********************** DimsComputerName,sUserOrGroup,sPath,computerContainer,rootDSE,lFlag DimsecDescriptor,dACL,ACE,oComputer,sPwd '' ''*Declareconstantsusedindefiningthedefaultlocationforthe ''*machineaccount,flagstoidentifytheobjectasamachineaccount, ''*andsecurityflags ''ConstUF_WORKSTATION_TRUST_ACCOUNT=&H1000 ConstUF_ACCOUNTDISABLE=&H2 ConstUF_PASSWD_NOTREQD=&H20 ConstADS_GUID_COMPUTRS_CONTAINER="aa312825768811d1aded00c04fd8d5cd" ConstADS_ACETYPE_ACCESS_ALLOWED=0 ConstADS_ACEFLAG_INHERIT_ACE=2 '' ''*Settheflagsonthisobjecttoidentifyitasamachineaccount ''*anddeterminethename.Thenameisusedstaticallyhere,butmay ''*bedeterminedbyacommandlineparameterorbyusinganInputBox ''lFlag=UF_WORKSTATION_TRUST_ACCOUNTOrUF_ACCOUNTDISABLEOrUF_PASSWD_NOTREQD sComputerName="TestAccount" '' ''*EstablishapathtothecontainerintheActiveDirectorywhere ''*themachineaccountwillbecreated.Inthisexample,thiswill ''*automaticallylocateadomaincontrollerforthedomain,readthe ''*domainname,andbindtothedefault"Computers"container ''********************************************************************* SetrootDSE=GetObject("LDAP://RootDSE") sPath="LDAP:// SetcomputerContainer=GetObject(sPath) sPath="LDAP://"&computerContainer.Get("distinguishedName") SetcomputerContainer=GetObject(sPath) ''''*Here,thecomputeraccountiscreated.Certainattributesmust ''*haveavaluebeforecalling.SetInfotocommit(write)theobject ''*totheActiveDirectory ''SetoComputer=computerContainer.Create("computer","CN="&sComputerName) oComputer.Put"samAccountName",sComputerName+"$" oComputer.Put"userAccountControl",lFlag oComputer.SetInfo '' ''*Establishadefaultpasswordforthemachineaccount ''sPwd=sComputerName&"$" sPwd=LCase(sPwd) oComputer.SetPasswordsPwd ''''*Specifywhichuserorgroupmayactivate/jointhiscomputertothe ''*domain.Inthisexample,"MYDOMAIN"isthedomainnameand ''*"JoeSmith"istheaccountbeinggiventhepermission.Notethat ''*thisisthedownlevelnamingconventionusedinthisexample. ''sUserOrGroup="MYDOMAIN\joesmith" ''''*BindtotheDiscretionaryACLonthenewlycreatedcomputeraccount ''*andcreateanAccessControlEntry(ACE)thatgivesthespecified ''*userorgroupfullcontrolonthemachineaccount ''SetsecDescriptor=oComputer.Get("ntSecurityDescriptor") SetdACL=secDescriptor.DiscretionaryAcl SetACE=CreateObject("AccessControlEntry") '' ''*AnAccessMaskof"-1"grantsFullControl '' ACE.AccessMask=-1 ACE.AceType=ADS_ACETYPE_ACCESS_ALLOWED ACE.AceFlags=ADS_ACEFLAG_INHERIT_ACE ''''*Grantthiscontroltotheuserorgroupspecifiedearlier. ''ACE.Trustee=sUserOrGroup '' ''*Now,addthisACEtotheDACLonthemachineaccount ''dACL.AddAceACE secDescriptor.DiscretionaryAcl=dACL '' ''*Commit(write)thesecuritychangestothemachineaccount ''oComputer.Put"ntSecurityDescriptor",Array(secDescriptor) oComputer.SetInfo ''''*Onceallparametersandpermissionshavebeenset,enablethe ''*account. '' oComputer.AccountDisabled=False oComputer.SetInfo ''''*CreateanAccessControlEntry(ACE)thatgivesthespecifieduser ''*orgroupfullcontrolonthemachineaccount ''wscript.echo"Thecommandcompletedsuccessfully." ''***************** ''*EndScript |
凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢! |
你可能对下面的文章感兴趣
关于利用VBS脚本自动创建计算机帐户的代码的所有评论