Recipe 15.14. Creating a Computer Account

Problem

You want to create a computer account in Active Directory.

Solution

Using a graphical user interface

1. Open the Active Directory Users and Computers snap-in (dsa.msc).

2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name and click OK.

3. In the left pane, browse to the parent container for the computer, right-click on it, and select New Computer.

4. <ComputerDN>" -desc "<Description>"
   

   For example:

   > dsadd computer "cn=rallen-wxp,ou=my computers,dc=rallencorp,dc=com" -desc  "Computer owned by Robbie Allen"

   
   

   You can also use the netdom utility to create a computer account. Here is the basic syntax:

   > netdom add <ComputerName> /Domain:<DomainName> /OU:"<OrgUnitDN>"

   
   

   For example:

   > netdom add rallen-wxp /Domain:rallencorp.com /OU:"ou=my computers,dc=rallencorp,dc=com"

   
   

   If the /OU parameter is not specified, the computer will be created under the default computer's container (cn=computers).

   Using VBScript

   ' This code creates a computer account in Active Directory. ' ------ SCRIPT CONFIGURATION ------ strBase = "<ParentComputerDN>"  ' e.g. cn=Computers,dc=rallencorp,dc=com strComp = "<ComputerName>"      ' e.g. joe-xp strDescr = "<Description>"      ' e.g. Joe's Windows XP workstation ' ------ END CONFIGURATION --------- ' ADS_USER_FLAG_ENUM Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000 set objCont = GetObject("LDAP://" & strBase) set objComp = objCont.Create("computer", "cn=" & strComp) objComp.Put "sAMAccountName", strComp & "$" objComp.Put "description", strDesc objComp.Put "userAccountControl", ADS_UF_WORKSTATION_TRUST_ACCOUNT objComp.SetInfo Wscript.Echo "Computer account for " & strComp & " created"

   
   

   Discussion

   Creating a computer account in Active Directory is not much different from creating a user account. In the CLI and API solutions, we set the description attribute, but it is not mandatory. The only mandatory attribute for computer accounts is sAMAccountName, which should be set to the name of the computer with $ appended (e.g., joe-wxp$).

   These solutions simply create a computer account. You'll still need to join a computer with the same name as the computer account to a domain as we describe in Recipe Recipe 15.15.

   See Also

   MS KB 222525 (Automating the Creation of Computer Accounts), MS KB 283771 (HOW TO: Pre-stage Windows 2000 Computers in Active Directory), MS KB 315273 (Automating the Creation of Computer Accounts), MS KB 320187 (HOW TO: Manage Computer Accounts in Active Directory in Windows 2000), and MSDN: ADS_USER_FLAG_ENUM