当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > 利用VBS脚本自动创建计算机帐户的代码

VBScript
VBS中SendKeys的基本应用
VBScript教程 第十四课在VBScript中使用对象
VBScript教程 第十三课 VBScript与窗体
VBScript教程 第十二课VBScript页面的简单样例
VBScript教程 第十一课深入VBScript
VBScript教程 第十课 VBScript编码约定
VBScript教程 第九课VBScript过程
VBScript教程 第八课 使用循环语句
VBScript教程 第七课使用条件语句
VBScript教程 第六课VBScript运算符
VBscript教程 第五课 VBScript常数
VBScript教程 第四课VBScript变量
VBScript教程 第三课VBScript数据类型
VBScript教程 第二课在HTML页面中添加VBscript代码
VBScript教程 第一课什么是VBScript
VBScript的入门学习资料
VBScript语法速查及实例说明
MsgBox函数语言参考
VBS教程:正则表达式简介 -后向引用
VBS教程:正则表达式简介 -选择与编组

VBScript 中的 利用VBS脚本自动创建计算机帐户的代码


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 135 ::
收藏到网摘: n/a

mcse注:其实这是 按照ADSI(Active Directory Services Interface:活动目录服务接口)写的程序。如果你安装了resource kit,这段代码可以用netcom这条命令进行工作,下面是netcom的一个例子:
  NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /ADD
复制代码 代码如下:

  ***********************
  '* Start Script
  '***********************
  Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag
  Dim secDescriptor, dACL, ACE, oComputer, sPwd
  '
  '* Declare constants used in defining the default location for the
  '* machine account, flags to identify the object as a machine account,
  '* and security flags
  'Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000
  Const UF_ACCOUNTDISABLE = &H2
  Const UF_PASSWD_NOTREQD = &H20
  Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
  Const ADS_ACETYPE_ACCESS_ALLOWED = 0
  Const ADS_ACEFLAG_INHERIT_ACE = 2
  '
  '* Set the flags on this object to identify it as a machine account
  '* and determine the name. The name is used statically here, but may
  '* be determined by a command line parameter or by using an InputBox
  'lFlag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD
  sComputerName = "TestAccount"
  '
  '* Establish a path to the container in the Active Directory where
  '* the machine account will be created. In this example, this will
  '* automatically locate a domain controller for the domain, read the
  '* domain name, and bind to the default "Computers" container
  '*********************************************************************
  Set rootDSE = GetObject("LDAP://RootDSE")
  sPath = "LDAP://  Set computerContainer = GetObject(sPath)
  sPath = "LDAP://" & computerContainer.Get("distinguishedName")
  Set computerContainer = GetObject(sPath)
  ''* Here, the computer account is created. Certain attributes must
  '* have a value before calling .SetInfo to commit (write) the object
  '* to the Active Directory
  'Set oComputer = computerContainer.Create("computer", "CN=" & sComputerName)
  oComputer.Put "samAccountName", sComputerName + "$"
  oComputer.Put "userAccountControl", lFlag
  oComputer.SetInfo
  '
  '* Establish a default password for the machine account
  'sPwd = sComputerName & "$"
  sPwd = LCase(sPwd)
  oComputer.SetPassword sPwd
  ''* Specify which user or group may activate/join this computer to the
  '* domain. In this example, "MYDOMAIN" is the domain name and
  '* "JoeSmith" is the account being given the permission. Note that
  '* this is the downlevel naming convention used in this example.
  'sUserOrGroup = "MYDOMAIN\joesmith"
  ''* Bind to the Discretionary ACL on the newly created computer account
  '* and create an Access Control Entry (ACE) that gives the specified
  '* user or group full control on the machine account
  'Set secDescriptor = oComputer.Get("ntSecurityDescriptor")
  Set dACL = secDescriptor.DiscretionaryAcl
  Set ACE = CreateObject("AccessControlEntry")
  '
  '* An AccessMask of "-1" grants Full Control
  '
  ACE.AccessMask = -1
  ACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
  ACE.AceFlags = ADS_ACEFLAG_INHERIT_ACE
  ''* Grant this control to the user or group specified earlier.
  'ACE.Trustee = sUserOrGroup
  '
  '* Now, add this ACE to the DACL on the machine account
  'dACL.AddAce ACE
  secDescriptor.DiscretionaryAcl = dACL
  '
  '* Commit (write) the security changes to the machine account
  'oComputer.Put "ntSecurityDescriptor", Array(secDescriptor)
  oComputer.SetInfo
  ''* Once all parameters and permissions have been set, enable the
  '* account.
  '
  oComputer.AccountDisabled = False
  oComputer.SetInfo
  ''* Create an Access Control Entry (ACE) that gives the specified user
  '* or group full control on the machine account
  'wscript.echo "The command completed successfully."
  '*****************
  '* End Script