Managing Computers

Like users, computers also have accounts in Active Directory. In fact, the computer class inherits from the user class. Computer accounts are treated like user accounts for purposes of security and access permissions to the network and domain. A computer account is used to validate a computer to the network separately from a user in order to access shared resources.

A computer name can be 15 characters or fewer, and the account name is followed by a dollar sign ($). This is an old LAN Manager convention to separate machine accounts from user accounts. Computer accounts can be set with passwords, but the passwords are used only until the computer is validated by the domain and a secure channel is created. This is known as joining a computer to a domain. A new password is established when the computer joins the domain. Computers are generally placed in the Computers container, although network administrators may place them in an organizational unit.

Listing 10-6 shows a script, available on the companion CD, that creates a computer account in the Computers container. Since I've been harping about not hard-coding paths into your scripts, I use the well-known GUID for the Computers container. Because the actual GUID value for the Computers container is not in the ActiveDS.tlb type library, I use a Const statement to hold its value. The same is true for the user flags (UF_*), which also need to be defined.

 <job >
<reference gu/>
<script language="VBScript">
'
' CreateComputer - Creates a computer account
'
' Constants from Active Directory not included in type library
Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000
Const UF_ACCOUNTDISABLE = &H2
Const UF_PASSWD_NOTREQD = &H20
' Computer name
strCompName = "Test1"
' Display info
WScript.Echo "Creating new computer account '" & strCompName & "'..."
' Bind to the RootDSE and get the default domain partition
Set adsRootDSE = GetObject("LDAP://RootDSE")
strDomainDN = adsRootDSE.Get("defaultNamingContext")
' Use WKGUID to bind to Computers container
strGUIDPath = "LDAP://"
strGUIDPath = strGUIDPath & "<WKGUID=" & ADS_GUID_COMPUTRS_CONTAINER & ","
strGUIDPath = strGUIDPath & strDomainDN
strGUIDPath = strGUIDPath & ">"
' Bind to Computers container
Set adsContainer = GetObject(strGUIDPath)
' GUID binding is very limited, so rebind not using GUID
strADsPath = "LDAP://" & adsContainer.Get("distinguishedName")
Set adsContainer = GetObject(strADsPath)
' Go to the next line if an error occurs
On Error Resume Next
' Create the object in the container
Set adsComputer = adsContainer.Create("computer", "cn=" & strCompName)
' Set the account name for the computer
' Must be 15 characters or less and have a trailing dollar sign
adsComputer.Put "sAMAccountName", strCompName & "$"
' Must specify userAccountControl before applying changes
' since it's read-only after creation
' Set account flag to indicate this is a machine account
adsComputer.Put "userAccountControl", UF_WORKSTATION_TRUST_ACCOUNT Or _
    UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD
' Update server with required properties
adsComputer.SetInfo
' Check for errors
If Err.Number <> 0 Then
    ' Check to see whether computer already exists error
    If Err.Number = &H80071392 Then
        ' Display error message and exit
        WScript.Echo "The computer '" & strCompName & "' already exists."
        WScript.Quit 1
    Else
        WScript.Echo "Unexpected error creating computer." & _
            vbNewLine & Err.Description & " (" & Hex(Err.Number) & ")"
        WScript.Quit 1
    End If
End If
' Turn off error handling
On Error GoTo 0
' Set other attributes for the computer object
' Refresh the local cache
adsComputer.GetInfo
' Set a default password. Used only until computer joins domain.
' Must be lowercase
strPassword = strCompName & "$"
strPassword = LCase(strPassword)
adsComputer.SetPassword strPassword
' Enable the account
' Note: IADsUser properties work on computer accounts
adsComputer.AccountDisabled = False
' Apply the properties to the directory
adsComputer.SetInfo
' Release objects
Set adsComputer = Nothing
Set adsContainer = Nothing
' Finish
WScript.Echo "Computer created successfully."
</script>
</job>

Listing 10-6 CreateComputer.wsf shows how to create a computer account.

When you run the CreateComputer script, a computer account named "Test1" is created in the Computers container. Figure 10-4 shows the Properties dialog box for the new computer account in Active Directory Users and Computers.

Figure 10-4 Properties dialog box for the new computer account created with the CreateComputer script.
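
The account that Listing 10-6 leaves behind is enabled, still carries UF_PASSWD_NOTREQD, and keeps its name-derived default password until a computer joins with it. As an added example (not from the book or its companion CD), the Python below audits exported computer-account attributes for those states. The record layout, the ISO 8601 timestamps (a real export would need pwdLastSet converted first), the five-minute threshold, and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# userAccountControl bits used by Listing 10-6
UF_ACCOUNTDISABLE = 0x0002
UF_PASSWD_NOTREQD = 0x0020
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000

# Assumption: a password set this soon after creation is the creation-time one
JOIN_GRACE = timedelta(minutes=5)

def audit_computer(rec):
    """Return a list of findings for one exported computer account record."""
    findings = []
    sam = rec["sAMAccountName"]
    uac = int(rec["userAccountControl"])
    if not sam.endswith("$"):
        findings.append("sAMAccountName has no trailing $")
    if len(sam.rstrip("$")) > 15:
        findings.append("computer name longer than 15 characters")
    if not uac & UF_WORKSTATION_TRUST_ACCOUNT:
        findings.append("not flagged as a workstation trust account")
    if uac & UF_PASSWD_NOTREQD:
        findings.append("PASSWD_NOTREQD is set")
    created = datetime.fromisoformat(rec["whenCreated"])
    pwd_set = datetime.fromisoformat(rec["pwdLastSet"])
    enabled = not uac & UF_ACCOUNTDISABLE
    if enabled and pwd_set - created <= JOIN_GRACE:
        findings.append("enabled but password unchanged since creation (never joined?)")
    return findings

# Constructed sample records (not real directory data)
SAMPLE = [
    {"sAMAccountName": "TEST1$", "userAccountControl": 0x1020,   # state after Listing 10-6
     "whenCreated": "2001-03-01T09:00:00", "pwdLastSet": "2001-03-01T09:00:02"},
    {"sAMAccountName": "WKS042$", "userAccountControl": 0x1000,  # joined machine
     "whenCreated": "2001-02-01T09:00:00", "pwdLastSet": "2001-02-20T14:30:00"},
    {"sAMAccountName": "STAGED7$", "userAccountControl": 0x1022,  # created, left disabled
     "whenCreated": "2001-03-02T10:00:00", "pwdLastSet": "2001-03-02T10:00:01"},
]

def audit_all(records):
    """Map account name -> findings, keeping only accounts with findings."""
    return {r["sAMAccountName"]: f for r in records if (f := audit_computer(r))}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

Accounts that the audit reports as enabled but never joined are candidates for disabling or deletion, and for clearing UF_PASSWD_NOTREQD once the machine has joined.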



Microsoft® Windows® 2000 Active Directory™ Programming
Year: 2001
Pages: 108
