Discussion:
Creating CN in AD?
(too old to reply)
Derrick
2007-08-01 23:00:02 UTC
Permalink
Hi, I found this script (see below) from the TechNet CD for creating a
ComputerName account in Active Directory. The script ran fine. I created
the account in AD but when I try to join the computer to the domain, I could
not get it to join. If I manually create the CN account in AD, I can join
the computer just fine. I was wondering if someone had tried it and if you
know what is wrong?

Thank you,
Derrick

Description
Creates and enables a computer account in Active Directory, which must be
used by an Administrator when adding a workstation to the domain.

Script Code

strComputer = "atl-pro-001"

Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000

Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Computers," & _
objRootDSE.Get("defaultNamingContext"))

Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo
Derrick
2007-08-20 23:38:00 UTC
Permalink
I still have not figured out this problem but I do want to say that when I
tried to join the computer, I get the "Access Denied" message. That tells me
the account created by the SCRIPT is not given proper permission.

Question then comes to these Const variables: What does the &h0020 and
&h1000 mean?

Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Post by Derrick
Hi, I found this script (see below) from the TechNet CD for creating a
ComputerName account in Active Directory. The script ran fine. I created
the account in AD but when I try to join the computer to the domain, I could
not get it to join. If I manually create the CN account in AD, I can join
the computer just fine. I was wondering if someone had tried it and if you
know what is wrong?
Thank you,
Derrick
Description
Creates and enables a computer account in Active Directory, which must be
used by an Administrator when adding a workstation to the domain.
Script Code
strComputer = "atl-pro-001"
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Computers," & _
objRootDSE.Get("defaultNamingContext"))
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo
Richard Mueller [MVP]
2007-08-21 01:53:52 UTC
Permalink
I have not yet tested this script from the technet script center:
=============
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144

strDomain = "FABRIKAM"
strPassword = "ls4k5ywA"
strUser = "shenalan"

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" &
_
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
strComputer & "'")

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, strDomain & "\" & strUser, NULL, _
JOIN_DOMAIN + ACCT_CREATE)
==========

The constants in your snippet are bit masks for the userAccountControl
attribute. This attribute has many flag settings, defined by bits of the
integer value. You test a bit with the AND operator and a bit mask (any
non-zero result is True, 0 is False). You set a bit with the OR operator and
the appropriate bit mask. You toggle a bit with the XOR operator. There are
several other bit masks. Note that &H20 is hex 20, which is 32 decimal.
&H1000 is 4096 decimal. The constants above I copied from the Microsoft site
are decimal bit masks. They user the "+" operator above, which I guess is
the same as OR.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
Post by Derrick
I still have not figured out this problem but I do want to say that when I
tried to join the computer, I get the "Access Denied" message. That tells me
the account created by the SCRIPT is not given proper permission.
Question then comes to these Const variables: What does the &h0020 and
&h1000 mean?
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Post by Derrick
Hi, I found this script (see below) from the TechNet CD for creating a
ComputerName account in Active Directory. The script ran fine. I created
the account in AD but when I try to join the computer to the domain, I could
not get it to join. If I manually create the CN account in AD, I can join
the computer just fine. I was wondering if someone had tried it and if you
know what is wrong?
Thank you,
Derrick
Description
Creates and enables a computer account in Active Directory, which must be
used by an Administrator when adding a workstation to the domain.
Script Code
strComputer = "atl-pro-001"
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Computers," & _
objRootDSE.Get("defaultNamingContext"))
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo
Dwonder
2007-08-21 14:19:35 UTC
Permalink
Post by Derrick
Hi, I found this script (see below) from the TechNet CD for creating a
ComputerName account in Active Directory. The script ran fine. I created
the account in AD but when I try to join the computer to the domain, I could
not get it to join. If I manually create the CN account in AD, I can join
the computer just fine. I was wondering if someone had tried it and if you
know what is wrong?
Thank you,
Derrick
Description
Creates and enables a computer account in Active Directory, which must be
used by an Administrator when adding a workstation to the domain.
Script Code
strComputer = "atl-pro-001"
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Computers," & _
objRootDSE.Get("defaultNamingContext"))
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo
Listen you need to explore some of these third party demo's there is
an appliation called UMRA www.tools4ever.com that will solve all your
needs
unknown
2009-10-23 09:33:50 UTC
Permalink
Hi,

I had the same problem, then i found out that my computer account was created and added to the "Domain Users" group instead of the "Domain Computers" group, could that be the case for you as well ?



Derric wrote:

Creating CN in AD?
01-aug-07

Hi, I found this script (see below) from the TechNet CD for creating a
ComputerName account in Active Directory. The script ran fine. I created
the account in AD but when I try to join the computer

Previous Posts In This Thread:

On woensdag 1 augustus 2007 19:00
Derric wrote:

Creating CN in AD?
Hi, I found this script (see below) from the TechNet CD for creating a
ComputerName account in Active Directory. The script ran fine. I created
the account in AD but when I try to join the computer

On maandag 20 augustus 2007 19:38
Derric wrote:

I still have not figured out this problem but I do want to say that when I
I still have not figured out this problem but I do want to say that when I
tried to join the computer, I get the "Access Denied" message. That tells me
the account created by the SCRIPT is not given

On maandag 20 augustus 2007 21:53
Richard Mueller [MVP] wrote:

I have not yet tested this script from the technet script
I have not yet tested this script from the technet script center:
=============
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED =

On dinsdag 21 augustus 2007 10:19
Dwonder wrote:

Re: Creating CN in AD?
Listen you need to explore some of these third party demo's there is
an appliation called UMRA www.tools4ever.com that will solve all your
needs

EggHeadCafe - Software Developer Portal of Choice
A Brief Synopsis of C# Class and Method Modifiers
http://www.eggheadcafe.com/tutorials/aspnet/aae979f9-52be-4f1c-bc53-7f01f292f7e7/a-brief-synopsis-of-c-cl.aspx
Richard Mueller [MVP]
2009-10-23 17:06:19 UTC
Permalink
If your code to create a computer account ran without error, but the object
was made a member of "Domain Users", I see two possible causes. One is that
you specified class "user" rather than "computer". The second possibility (I
have not tested) is that you did not specify a trailing "$" for the
sAMAccountName when you assigned a value.

I found the original message from this thread (which is not included below).
The code referred to is:
=====
strComputer = "atl-pro-001"
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000


Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Computers," & _
objRootDSE.Get("defaultNamingContext"))


Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo


========
This is actually quoted exactly from "Windows 2000 Scripting Guide". Joining
the machine to the domain is another issue, but the above should properly
create the object ahead of time.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Post by unknown
Hi,
I had the same problem, then i found out that my computer account was
created and added to the "Domain Users" group instead of the "Domain
Computers" group, could that be the case for you as well ?
Creating CN in AD?
01-aug-07
Hi, I found this script (see below) from the TechNet CD for creating a
ComputerName account in Active Directory. The script ran fine. I created
the account in AD but when I try to join the computer
On woensdag 1 augustus 2007 19:00
Creating CN in AD?
Hi, I found this script (see below) from the TechNet CD for creating a
ComputerName account in Active Directory. The script ran fine. I created
the account in AD but when I try to join the computer
On maandag 20 augustus 2007 19:38
I still have not figured out this problem but I do want to say that when I
I still have not figured out this problem but I do want to say that when I
tried to join the computer, I get the "Access Denied" message. That tells me
the account created by the SCRIPT is not given
On maandag 20 augustus 2007 21:53
I have not yet tested this script from the technet script
=============
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED =
On dinsdag 21 augustus 2007 10:19
Re: Creating CN in AD?
Listen you need to explore some of these third party demo's there is
an appliation called UMRA www.tools4ever.com that will solve all your
needs
EggHeadCafe - Software Developer Portal of Choice
A Brief Synopsis of C# Class and Method Modifiers
http://www.eggheadcafe.com/tutorials/aspnet/aae979f9-52be-4f1c-bc53-7f01f292f7e7/a-brief-synopsis-of-c-cl.aspx
Loading...