当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > 利用VBS脚本自动创建计算机帐户的代码

VBScript
vbs在网页中显示服务
vbs得没公开对象
unpack.vbs
使用批处理文件异地备份数据库(最近几天的数据)
VBScript 中的字节数据操作函数
切换dos并dir的vbs
杀毒的对vbs相当敏感 免杀
多进程的vbs脚本
Windows管理脚本学习
15分钟提醒一次,珍惜时间啊
从一个VBS脚本学习一点点东西
exe2swf 工具(Adodb.Stream版)
使用脚本自动修改ip设置
深入挖掘Windows脚本技术
用VBSCRIPT控制ONSUBMIT事件
VBS中Select CASE的其它用法
vbscript 可以按引用传递参数吗?
下载文件到本地运行的vbs
飘叶千夫指源代码,又称qq刷屏器
SendKeys参考文档

VBScript 中的 利用VBS脚本自动创建计算机帐户的代码


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 153 ::
收藏到网摘: n/a

mcse注:其实这是 按照ADSI(Active Directory Services Interface:活动目录服务接口)写的程序。如果你安装了resource kit,这段代码可以用netcom这条命令进行工作,下面是netcom的一个例子:
  NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /ADD
复制代码 代码如下:

  ***********************
  '* Start Script
  '***********************
  Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag
  Dim secDescriptor, dACL, ACE, oComputer, sPwd
  '
  '* Declare constants used in defining the default location for the
  '* machine account, flags to identify the object as a machine account,
  '* and security flags
  'Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000
  Const UF_ACCOUNTDISABLE = &H2
  Const UF_PASSWD_NOTREQD = &H20
  Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
  Const ADS_ACETYPE_ACCESS_ALLOWED = 0
  Const ADS_ACEFLAG_INHERIT_ACE = 2
  '
  '* Set the flags on this object to identify it as a machine account
  '* and determine the name. The name is used statically here, but may
  '* be determined by a command line parameter or by using an InputBox
  'lFlag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD
  sComputerName = "TestAccount"
  '
  '* Establish a path to the container in the Active Directory where
  '* the machine account will be created. In this example, this will
  '* automatically locate a domain controller for the domain, read the
  '* domain name, and bind to the default "Computers" container
  '*********************************************************************
  Set rootDSE = GetObject("LDAP://RootDSE")
  sPath = "LDAP://  Set computerContainer = GetObject(sPath)
  sPath = "LDAP://" & computerContainer.Get("distinguishedName")
  Set computerContainer = GetObject(sPath)
  ''* Here, the computer account is created. Certain attributes must
  '* have a value before calling .SetInfo to commit (write) the object
  '* to the Active Directory
  'Set oComputer = computerContainer.Create("computer", "CN=" & sComputerName)
  oComputer.Put "samAccountName", sComputerName + "$"
  oComputer.Put "userAccountControl", lFlag
  oComputer.SetInfo
  '
  '* Establish a default password for the machine account
  'sPwd = sComputerName & "$"
  sPwd = LCase(sPwd)
  oComputer.SetPassword sPwd
  ''* Specify which user or group may activate/join this computer to the
  '* domain. In this example, "MYDOMAIN" is the domain name and
  '* "JoeSmith" is the account being given the permission. Note that
  '* this is the downlevel naming convention used in this example.
  'sUserOrGroup = "MYDOMAIN\joesmith"
  ''* Bind to the Discretionary ACL on the newly created computer account
  '* and create an Access Control Entry (ACE) that gives the specified
  '* user or group full control on the machine account
  'Set secDescriptor = oComputer.Get("ntSecurityDescriptor")
  Set dACL = secDescriptor.DiscretionaryAcl
  Set ACE = CreateObject("AccessControlEntry")
  '
  '* An AccessMask of "-1" grants Full Control
  '
  ACE.AccessMask = -1
  ACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
  ACE.AceFlags = ADS_ACEFLAG_INHERIT_ACE
  ''* Grant this control to the user or group specified earlier.
  'ACE.Trustee = sUserOrGroup
  '
  '* Now, add this ACE to the DACL on the machine account
  'dACL.AddAce ACE
  secDescriptor.DiscretionaryAcl = dACL
  '
  '* Commit (write) the security changes to the machine account
  'oComputer.Put "ntSecurityDescriptor", Array(secDescriptor)
  oComputer.SetInfo
  ''* Once all parameters and permissions have been set, enable the
  '* account.
  '
  oComputer.AccountDisabled = False
  oComputer.SetInfo
  ''* Create an Access Control Entry (ACE) that gives the specified user
  '* or group full control on the machine account
  'wscript.echo "The command completed successfully."
  '*****************
  '* End Script