Vista - Re: Add Computer account to AD Groups

03-26-2009

Great post, thanks Richard
I also enjoy reading your site

I was looking for a way to get the group stuff so that I could find out if a
user is a member.
I found code, but could not seem to get the correct value of the group DN.
This code helped me get it

"Richard Mueller [MVP]" wrote:

Quote:

> William Anderson wrote:
>

Quote:

> > I'm looking for a script to add a computer account to an AD Group by
> > NetBios
> > name. Anyone got one handy? Thanks!

>
> If both the computer and the group names are NetBIOS names, perhaps it makes
> sense to use the WinNT provider. For example:
> =======
> ' Specify (or prompt for or retrieve) NetBIOS names.
> strGroup = "MyGroup"
> strComputer = "MyComputer"
> strDomain = "MyDomain"
>
> ' Bind to the group and computer objects.
> Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
> Set objComputer = GetObject("WinNT://" & strDomain & "/" & strComputer &
> ",computer")
>
> ' Check if computer already a member of the group.
> If (objGroup.IsMember(objComputer.ADsPath) = False) Then
> ' Add the computer to the group.
> objGroup.Add(objComputer.ADsPath)
> End If
> =========
> Generally, the WinNT provider is not recommended. For one thing it is
> slower. To use the LDAP provider you can use the NameTranslate object to
> convert the NetBIOS names to Distinguished Names. For example:
> ==========
> ' Specify (or prompt for or retrieve) NetBIOS names.
> strGroup = "MyGroup"
> strComputer = "MyComputer"
>
> ' Constants for the NameTranslate object.
> Const ADS_NAME_INITTYPE_GC = 3
> Const ADS_NAME_TYPE_NT4 = 3
> Const ADS_NAME_TYPE_1779 = 1
>
>
>
> ' Determine DNS name of domain from RootDSE.
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
>
> ' Use the NameTranslate object to find the NetBIOS domain
>
> ' name from the DNS domain name.
> Set objTrans = CreateObject("NameTranslate")
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
> objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
> strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
> ' Remove trailing backslash.
> strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
>
>
>
> ' Use the Set method to specify the NT format of the group name.
>
> objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strGroup
>
> ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
> strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779)
>
> ' Bind to the group object.
>
> Set objGroup = GetObject("LDAP://" & strGroupDN)
>
>
>
> ' Use the Set method to specify the NT format of the computer name.
>
> objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strComputer
>
> ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
> strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)
>
> ' Bind to the computer object.
>
> Set objComputer = GetObject("LDAP://" & strComputerDN)
>
>
>
> ' Check if computer already a member of the group.
> If (objGroup.IsMember(objComputer.ADsPath) = False) Then
> ' Add the computer to the group.
> objGroup.Add(objComputer.ADsPath)
> End If
> ============
> Finally, note that you can always retrieve the Distinguished Name of the
> current computer directly from the ADSystemInfo object. For example:
> ========
> Set objSysInfo = CreateObject("ADSystemInfo")
> strComputerDN = objSysInfo.ComputerName
> Set objComputer = GetObject("LDAP://" & strComputerDN)
> =========
> And of course you could hard code the Distinguished Name of the group in
> your script as easily as the NetBIOS name. If you are prompting for names,
> however, you will need to use the NameTranslate object in order to use the
> LDAP provider.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>

03-26-2009	#1 (permalink)
Harv n/a posts	Re: Add Computer account to AD Groups Great post, thanks Richard I also enjoy reading your site I was looking for a way to get the group stuff so that I could find out if a user is a member. I found code, but could not seem to get the correct value of the group DN. This code helped me get it "Richard Mueller [MVP]" wrote: Quote: > William Anderson wrote: > Quote: > > I'm looking for a script to add a computer account to an AD Group by > > NetBios > > name. Anyone got one handy? Thanks! > > If both the computer and the group names are NetBIOS names, perhaps it makes > sense to use the WinNT provider. For example: > ======= > ' Specify (or prompt for or retrieve) NetBIOS names. > strGroup = "MyGroup" > strComputer = "MyComputer" > strDomain = "MyDomain" > > ' Bind to the group and computer objects. > Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group") > Set objComputer = GetObject("WinNT://" & strDomain & "/" & strComputer & > ",computer") > > ' Check if computer already a member of the group. > If (objGroup.IsMember(objComputer.ADsPath) = False) Then > ' Add the computer to the group. > objGroup.Add(objComputer.ADsPath) > End If > ========= > Generally, the WinNT provider is not recommended. For one thing it is > slower. To use the LDAP provider you can use the NameTranslate object to > convert the NetBIOS names to Distinguished Names. For example: > ========== > ' Specify (or prompt for or retrieve) NetBIOS names. > strGroup = "MyGroup" > strComputer = "MyComputer" > > ' Constants for the NameTranslate object. > Const ADS_NAME_INITTYPE_GC = 3 > Const ADS_NAME_TYPE_NT4 = 3 > Const ADS_NAME_TYPE_1779 = 1 > > > > ' Determine DNS name of domain from RootDSE. > Set objRootDSE = GetObject("LDAP://RootDSE") > strDNSDomain = objRootDSE.Get("defaultNamingContext") > > ' Use the NameTranslate object to find the NetBIOS domain > > ' name from the DNS domain name. > Set objTrans = CreateObject("NameTranslate") > objTrans.Init ADS_NAME_INITTYPE_GC, "" > objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain > strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4) > ' Remove trailing backslash. > strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1) > > > > ' Use the Set method to specify the NT format of the group name. > > objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strGroup > > ' Use the Get method to retrieve the RPC 1779 Distinguished Name. > strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779) > > ' Bind to the group object. > > Set objGroup = GetObject("LDAP://" & strGroupDN) > > > > ' Use the Set method to specify the NT format of the computer name. > > objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strComputer > > ' Use the Get method to retrieve the RPC 1779 Distinguished Name. > strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779) > > ' Bind to the computer object. > > Set objComputer = GetObject("LDAP://" & strComputerDN) > > > > ' Check if computer already a member of the group. > If (objGroup.IsMember(objComputer.ADsPath) = False) Then > ' Add the computer to the group. > objGroup.Add(objComputer.ADsPath) > End If > ============ > Finally, note that you can always retrieve the Distinguished Name of the > current computer directly from the ADSystemInfo object. For example: > ======== > Set objSysInfo = CreateObject("ADSystemInfo") > strComputerDN = objSysInfo.ComputerName > Set objComputer = GetObject("LDAP://" & strComputerDN) > ========= > And of course you could hard code the Distinguished Name of the group in > your script as easily as the NetBIOS name. If you are prompting for names, > however, you will need to use the NameTranslate object in order to use the > LDAP provider. > > -- > Richard Mueller > Microsoft MVP Scripting and ADSI > Hilltop Lab - http://www.rlmueller.net > -- > > >
My System Specs

Similar Threads
Thread	Forum
how to disable computer account	PowerShell
(My) Computer directory/folder... how do I show the drives in groups/sections ?	Vista General
i cant set up account, new computer, asking for server	Vista mail
add users to groups of a remote computer	PowerShell