当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > 利用VBS脚本自动创建计算机帐户的代码

VBScript
用vbs检索在运行对话框中键入的一系列命令的代码
编写可以打开文本文件并打乱在该文件中所找到的单词顺序的vbs脚本
在 HTA 中暂停脚本的方法
运行脚本之前,如何确定计算机上的默认脚本宿主的代码
用vbs实现删除名称中有撇号的文件夹
用vbs将输出内容写到屏幕以覆盖当前屏幕上的内容的方法
用vbs实现配置无人登录计算机时使用的屏幕保护程序
用vbs更改 Internet Explorer 的标题栏
用vbs读取文本文件的最后一行
用vbs实现重新启动 Internet Explorer
用vbs实现禁用服务
用vbs确定计算机是否有 USB 2.0 端口的代码
用vbs列出注册表中 Run 项中的所有项目
用vbs将名称截断以使其最多包含 16 个字符的代码
用vbs将本地文件替换为在文件服务器上找到的新版本
用vbs确定脚本正在哪一个帐户下运行
用vbs确定可移动驱动器的连接时间
用vbs记录屏幕保护程序的开始时间和结束时间
用vbs计算某个词在日志文件中的出现次数
vbs病毒的简单例子源代码解析

VBScript 中的 利用VBS脚本自动创建计算机帐户的代码


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 137 ::
收藏到网摘: n/a

mcse注:其实这是 按照ADSI(Active Directory Services Interface:活动目录服务接口)写的程序。如果你安装了resource kit,这段代码可以用netcom这条命令进行工作,下面是netcom的一个例子:
  NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /ADD
复制代码 代码如下:

  ***********************
  '* Start Script
  '***********************
  Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag
  Dim secDescriptor, dACL, ACE, oComputer, sPwd
  '
  '* Declare constants used in defining the default location for the
  '* machine account, flags to identify the object as a machine account,
  '* and security flags
  'Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000
  Const UF_ACCOUNTDISABLE = &H2
  Const UF_PASSWD_NOTREQD = &H20
  Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
  Const ADS_ACETYPE_ACCESS_ALLOWED = 0
  Const ADS_ACEFLAG_INHERIT_ACE = 2
  '
  '* Set the flags on this object to identify it as a machine account
  '* and determine the name. The name is used statically here, but may
  '* be determined by a command line parameter or by using an InputBox
  'lFlag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD
  sComputerName = "TestAccount"
  '
  '* Establish a path to the container in the Active Directory where
  '* the machine account will be created. In this example, this will
  '* automatically locate a domain controller for the domain, read the
  '* domain name, and bind to the default "Computers" container
  '*********************************************************************
  Set rootDSE = GetObject("LDAP://RootDSE")
  sPath = "LDAP://  Set computerContainer = GetObject(sPath)
  sPath = "LDAP://" & computerContainer.Get("distinguishedName")
  Set computerContainer = GetObject(sPath)
  ''* Here, the computer account is created. Certain attributes must
  '* have a value before calling .SetInfo to commit (write) the object
  '* to the Active Directory
  'Set oComputer = computerContainer.Create("computer", "CN=" & sComputerName)
  oComputer.Put "samAccountName", sComputerName + "$"
  oComputer.Put "userAccountControl", lFlag
  oComputer.SetInfo
  '
  '* Establish a default password for the machine account
  'sPwd = sComputerName & "$"
  sPwd = LCase(sPwd)
  oComputer.SetPassword sPwd
  ''* Specify which user or group may activate/join this computer to the
  '* domain. In this example, "MYDOMAIN" is the domain name and
  '* "JoeSmith" is the account being given the permission. Note that
  '* this is the downlevel naming convention used in this example.
  'sUserOrGroup = "MYDOMAIN\joesmith"
  ''* Bind to the Discretionary ACL on the newly created computer account
  '* and create an Access Control Entry (ACE) that gives the specified
  '* user or group full control on the machine account
  'Set secDescriptor = oComputer.Get("ntSecurityDescriptor")
  Set dACL = secDescriptor.DiscretionaryAcl
  Set ACE = CreateObject("AccessControlEntry")
  '
  '* An AccessMask of "-1" grants Full Control
  '
  ACE.AccessMask = -1
  ACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
  ACE.AceFlags = ADS_ACEFLAG_INHERIT_ACE
  ''* Grant this control to the user or group specified earlier.
  'ACE.Trustee = sUserOrGroup
  '
  '* Now, add this ACE to the DACL on the machine account
  'dACL.AddAce ACE
  secDescriptor.DiscretionaryAcl = dACL
  '
  '* Commit (write) the security changes to the machine account
  'oComputer.Put "ntSecurityDescriptor", Array(secDescriptor)
  oComputer.SetInfo
  ''* Once all parameters and permissions have been set, enable the
  '* account.
  '
  oComputer.AccountDisabled = False
  oComputer.SetInfo
  ''* Create an Access Control Entry (ACE) that gives the specified user
  '* or group full control on the machine account
  'wscript.echo "The command completed successfully."
  '*****************
  '* End Script