当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > 利用VBS脚本自动创建计算机帐户的代码

VBScript
用VBScript批量安装网络打印机和设置默认打印机
Vbs 脚本编程简明教程之一
vbs SendKey 用法 Sendkey 键盘对应的码表
用vbs 取得收藏夹里的所有链接名称和URL的脚本
link-view.vbs 页面链接查看
VBS读网页的代码
用VBScript写合并文本文件的脚本
vbscript ms owc 封裝代码
VbScript 封裝MS OWC(二)
vbs 注册表操作代码(添加删除)
用于修复XP中最小化程序 在任务栏显示图标的vbs脚本
完整的注册表操作实例 VBS脚本
vbs 注册表实现木马自启动
reg2vbs.vbs 将Reg文件转换为VBS文件保存 IT学习网修正版本
e是自然对数的底 e.vbs
vbs imail 密码解密
VBS Runas 自动输入密码, 明文
vbscript 三个数比较大小的实现代码
脚本 MsAgent组件 微软精灵 揪出系统自带的宠物
VBS InternetExplorer.Application的属性和方法介绍

VBScript 中的 利用VBS脚本自动创建计算机帐户的代码


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 152 ::
收藏到网摘: n/a

mcse注:其实这是 按照ADSI(Active Directory Services Interface:活动目录服务接口)写的程序。如果你安装了resource kit,这段代码可以用netcom这条命令进行工作,下面是netcom的一个例子:
  NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /ADD
复制代码 代码如下:

  ***********************
  '* Start Script
  '***********************
  Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag
  Dim secDescriptor, dACL, ACE, oComputer, sPwd
  '
  '* Declare constants used in defining the default location for the
  '* machine account, flags to identify the object as a machine account,
  '* and security flags
  'Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000
  Const UF_ACCOUNTDISABLE = &H2
  Const UF_PASSWD_NOTREQD = &H20
  Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
  Const ADS_ACETYPE_ACCESS_ALLOWED = 0
  Const ADS_ACEFLAG_INHERIT_ACE = 2
  '
  '* Set the flags on this object to identify it as a machine account
  '* and determine the name. The name is used statically here, but may
  '* be determined by a command line parameter or by using an InputBox
  'lFlag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD
  sComputerName = "TestAccount"
  '
  '* Establish a path to the container in the Active Directory where
  '* the machine account will be created. In this example, this will
  '* automatically locate a domain controller for the domain, read the
  '* domain name, and bind to the default "Computers" container
  '*********************************************************************
  Set rootDSE = GetObject("LDAP://RootDSE")
  sPath = "LDAP://  Set computerContainer = GetObject(sPath)
  sPath = "LDAP://" & computerContainer.Get("distinguishedName")
  Set computerContainer = GetObject(sPath)
  ''* Here, the computer account is created. Certain attributes must
  '* have a value before calling .SetInfo to commit (write) the object
  '* to the Active Directory
  'Set oComputer = computerContainer.Create("computer", "CN=" & sComputerName)
  oComputer.Put "samAccountName", sComputerName + "$"
  oComputer.Put "userAccountControl", lFlag
  oComputer.SetInfo
  '
  '* Establish a default password for the machine account
  'sPwd = sComputerName & "$"
  sPwd = LCase(sPwd)
  oComputer.SetPassword sPwd
  ''* Specify which user or group may activate/join this computer to the
  '* domain. In this example, "MYDOMAIN" is the domain name and
  '* "JoeSmith" is the account being given the permission. Note that
  '* this is the downlevel naming convention used in this example.
  'sUserOrGroup = "MYDOMAIN\joesmith"
  ''* Bind to the Discretionary ACL on the newly created computer account
  '* and create an Access Control Entry (ACE) that gives the specified
  '* user or group full control on the machine account
  'Set secDescriptor = oComputer.Get("ntSecurityDescriptor")
  Set dACL = secDescriptor.DiscretionaryAcl
  Set ACE = CreateObject("AccessControlEntry")
  '
  '* An AccessMask of "-1" grants Full Control
  '
  ACE.AccessMask = -1
  ACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
  ACE.AceFlags = ADS_ACEFLAG_INHERIT_ACE
  ''* Grant this control to the user or group specified earlier.
  'ACE.Trustee = sUserOrGroup
  '
  '* Now, add this ACE to the DACL on the machine account
  'dACL.AddAce ACE
  secDescriptor.DiscretionaryAcl = dACL
  '
  '* Commit (write) the security changes to the machine account
  'oComputer.Put "ntSecurityDescriptor", Array(secDescriptor)
  oComputer.SetInfo
  ''* Once all parameters and permissions have been set, enable the
  '* account.
  '
  oComputer.AccountDisabled = False
  oComputer.SetInfo
  ''* Create an Access Control Entry (ACE) that gives the specified user
  '* or group full control on the machine account
  'wscript.echo "The command completed successfully."
  '*****************
  '* End Script