A Domain-Join Script That Took Blood, Sweat and Tears

    Technology 2022-05-14

    I. Main functions:

    1. Rename the computer directly while it is in the domain
    2. Rename the computer while it is in a workgroup
    3. Join the computer to the domain

    II. Notes:

    1. The privileged account must be an acct or admin account, entered in lowercase.
    2. Check the UAC setting.
    3. The new computer name must not be longer than 15 characters.
    4. When renaming the computer, if an account with the new name already exists in the domain, it must be deleted first (the tool asks) or a different name entered.
    5. After renaming the computer in a workgroup, restart and run the tool again to join the domain.
    6. When joining the domain, only a lowest-level OU can be selected.

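    III. Version history:

    0. The original was a batch file that joined the domain with netdom, but joins kept failing.

    1. v1 used VB to join the domain, with the aim of not using the netdom command. The join failed if the account already existed, and it also failed if the account had only just been deleted. Worst of all, it could not specify the OU, which was the whole purpose of writing this script, so it was abandoned.

    2. v2 went back to netdom, because I later found that netdom can specify the DC and the OU, which fully met the requirements. Because the DC can be specified, an existing object can be deleted first and the join still succeeds. The target OU is chosen through a folder-browse dialog. This was the milestone version.

    3. v3 added, on top of v2, the ability to rename the computer directly while it is in the domain.

    4. v4 integrated an htm file on top of v3 so that the operating account can be entered, which improved security.

    5. Fatally, just when v4 was almost perfect, I found that it always reported an error on Vista and the join failed. Searching the web turned up a bug between Vista and netdom, KB932173, so I concluded that netdom could not do the job and had to turn back to joining with VBScript and then moving the object with move. But the move never succeeded. Then I found that VBScript can in fact specify the OU. This discovery thrilled me, and I felt the VBScript route was finally open. Hence v5.

    6. The fatal problem with the VBScript join appeared again: if an account exists and is deleted first, the following join fails. My conclusion is that the VBScript join cannot specify the DC (given the earlier lesson, this time I confirmed it from several sources), so the DCs have not yet synchronized and the join fails.

    7. Having completely given up on the VBScript join, I looked for a breakthrough on the netdom-based v3 again, hence v3.2. Its biggest breakthrough was finding that the failure on Vista was caused by

    Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again..

    and by some definitions missing from the later part of the script.

    8. v3.3 and v3.4: the biggest finding was that on Vista with UAC enabled, the rename shows "Access is denied", so a UAC check was added.

    9. v3.5 added, on top of v3.4, renaming the computer before joining the domain.

    10. v3.6 and v3.7 added the integrated htm file that prompts for the operating account.

    11. v3.7 and v3.8 fixed some bugs and added Chinese prompts. This was finally designated V5.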

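    IV. Technical breakthroughs

    1. An account and password have to be entered, and with a plain InputBox the password is visible while it is typed, so I learned to use an htm file to enter the account and mask the password.

    2. Learned to use the script's run-time errors for decisions: If err <> 0 then

    3. Learned to use intAnswer for interaction

        intAnswer = Msgbox("Do you want toxxx ", vbYesNo, "Delete the computer account")

        If intAnswer = vbNo Then  ....

    4. Use a folder-browse dialog to simulate opening the OUs in AD, so that the OU can be specified when joining the domain

        Const WINDOW_HANDLE = 0
        Const OPTIONS = 0
        strPath = "c:\temp"
        Set objShell = CreateObject("Shell.Application")
        Set objFolder = objShell.BrowseForFolder _
            (WINDOW_HANDLE, "Select a OU (选择一个OU):", OPTIONS, strPath)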

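    5. When the script runs, the credentials of the currently logged-on user are often not enough to complete the operation, for example renaming directly in the domain, so a privileged account is needed. The scripts I knew before all relied on the permissions of the account running them, so this challenge troubled me for a long time from the very start of the script. After reading many articles I found several ways to execute statements with alternate credentials, to suit different situations. In addition, when AD is queried it is best to specify the DC, because replication latency between DCs can make the script fail, especially for a multinational company like ours that has a single domain, where the local site is not a child domain.

        a. When the script needs to GetObject from AD, the following method specifies both the DC and the credentials

            Set root = GetObject("LDAP:")
            ' The flags are bit values, so they are combined with Or (1 And 2 evaluates to 0).
            Set objcomputer = root.OpenDSObject("LDAP://DCName/cn=xxx,OU=xxx,dc=xxx,dc=xxx", strUser, strPassword, _
                ADS_USE_ENCRYPTION Or ADS_SECURE_AUTHENTICATION)

        whereas I used to write it like this

            Set objComputer = GetObject("LDAP://cn=xxx,OU=xxx,dc=xxx,dc=xxx")

        b. When the script queries objects in AD with the following method, the DC and the credentials can also be specified

            Set objConnection = CreateObject("ADODB.Connection")
            Set objCommand =   CreateObject("ADODB.Command")
            objConnection.Provider = "ADsDSOObject"
            objConnection.Properties("User ID") = strUser
            objConnection.Properties("Password") = strPassword
            objConnection.Properties("Encrypt Password") = True
            objConnection.Open "Active Directory Provider"
            Set objCommand.ActiveConnection = objConnection
            objCommand.Properties("Page Size") = 1000
            objCommand.CommandText = "<LDAP://DCname/dc=xxx,dc=xxx>;" & _
                "(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
                "distinguishedName,name;Subtree"
            Set objRecordSet = objCommand.Execute
            SerTempDN = objRecordSet.Fields("distinguishedName").Value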
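The name placed in the `(Name=...)` filter above is typed into an InputBox later in the script, and the object the query returns may then be deleted, so filter metacharacters in that name change what gets matched. The following is an added example, not part of the original script: it validates and escapes the name before the query string is built. The function names, the letters-digits-hyphen naming policy, and the sample DC and base DN are assumptions.

```vbscript
Option Explicit

' Added example: validate and escape a computer name before it is
' concatenated into the ADO/ADSI query string. Function names and the
' naming policy are assumptions, not the author's.

' Allow only letters, digits and hyphen, 1 to 15 characters, no leading
' or trailing hyphen, and reject names made of digits only.
Function IsValidComputerName(strName)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]([A-Za-z0-9-]{0,13}[A-Za-z0-9])?$"
    IsValidComputerName = False
    If re.Test(strName) Then
        re.Pattern = "^[0-9]+$"
        IsValidComputerName = Not re.Test(strName)
    End If
End Function

' Escape a value for an LDAP search filter (RFC 4515 hex escapes).
' The semicolon is escaped as well because the ADO command text uses
' it to separate base, filter, attributes and scope.
Function EscapeLdapFilterValue(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        Select Case ch
            Case "\"
                strOut = strOut & "\5c"
            Case "*"
                strOut = strOut & "\2a"
            Case "("
                strOut = strOut & "\28"
            Case ")"
                strOut = strOut & "\29"
            Case ";"
                strOut = strOut & "\3b"
            Case Chr(0)
                strOut = strOut & "\00"
            Case Else
                strOut = strOut & ch
        End Select
    Next
    EscapeLdapFilterValue = strOut
End Function

' Build the same query the script uses, with the name escaped.
Function BuildComputerQuery(strDC, strBaseDN, strName)
    BuildComputerQuery = "<LDAP://" & strDC & "/" & strBaseDN & ">;" & _
        "(&(objectCategory=computer)(objectClass=user)(Name=" & _
        EscapeLdapFilterValue(strName) & "));" & _
        "distinguishedName,name;Subtree"
End Function

' Return the DN only when the record set from objCommand.Execute holds
' exactly one object whose name equals the requested one; otherwise "".
' Intended to be called before any DeleteObject.
Function SingleMatchDN(objRecordSet, strName)
    SingleMatchDN = ""
    If objRecordSet.EOF Then Exit Function
    If objRecordSet.RecordCount <> 1 Then Exit Function
    If StrComp(objRecordSet.Fields("name").Value, strName, vbTextCompare) = 0 Then
        SingleMatchDN = objRecordSet.Fields("distinguishedName").Value
    End If
End Function

' Constructed sample inputs; "DCname" and the base DN are placeholders.
Dim arrSamples, s
arrSamples = Array("SUZ-PC-0042", "WS01*", "PC(1)", "ABCDEFGHIJKLMNOP")
For Each s In arrSamples
    If IsValidComputerName(s) Then
        WScript.Echo s & " -> " & BuildComputerQuery("DCname", "dc=example,dc=com", s)
    Else
        WScript.Echo s & " -> rejected; escaped form: " & EscapeLdapFilterValue(s)
    End If
Next
```

Run it with cscript; only the first sample passes validation, and the rejected ones show how their metacharacters would be neutralized if they reached the filter.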

    The script is as follows:

    ' ----------------------------------------------------------------------------
    ' JoinDomainForIT.vbs
    ' VBScript program to Join computer into domain or rename it in the AD
    ' Date: 08/12/2008
    ' Version: 5.0 -- Change to Unicode and add chinese description.
    ' By: Mike Yang at AMD Suzhou 37890
    ' ----------------------------------------------------------------------------

    On Error Resume Next

    ' ###########################################################################
    ' Get privilege account, e.g admin_xxx or acct_xxx
    ' ###########################################################################

    ' Dim Shell
    Dim oShell
    Set oShell = WScript.CreateObject ("WSCript.shell")

    ' -------------------------
    ' Get User & Password
    ' -------------------------
    Set objExplorer = WScript.CreateObject _
        ("InternetExplorer.Application", "IE_")

    objExplorer.Navigate "file:/ssuzfile22/helpdesk$/JoinDomain/Password.htm"
    objExplorer.ToolBar = 0
    objExplorer.StatusBar = 0
    objExplorer.Width = 620
    objExplorer.Height = 420
    objExplorer.Left = 100
    objExplorer.Top = 100
    objExplorer.Visible = 1

    Do While (objExplorer.Document.Body.All.OKClicked.Value = "")
        Wscript.Sleep 250
    Loop

    ' --------------------------------------------------------------
    strUserName = objExplorer.Document.Body.All.UserName.Value
    strUser = "amd\" & strUserName
    strPassword = objExplorer.Document.Body.All.UserPassword.Value
    ' --------------------------------------------------------------

    strButton = objExplorer.Document.Body.All.OKClicked.Value
    objExplorer.Quit
    Wscript.Sleep 250

    If strButton = "Cancelled" Then
        Wscript.Quit
    End If
    If strUsername = "" or strPassword = "" Then
        Wscript.Quit
    End If

    ' -------------------------
    ' Check input User
    ' -------------------------
    adminxxx = Left(strUser,10)
    'Wscript.echo adminxxx

    acctxxx =  Left(strUser,9)
    'Wscript.echo acctxxx

    If adminxxx <> "amd\admin_" and acctxxx <> "amd\acct_" Then
        Wscript.echo "" _
            & "Error!! You must use acct_xxx or admin_xxx to run the tools. " & chr(10) & chr(13) _
            & "错误!!请使用acct或admin帐号来运行此工具 " & chr(10) & chr(13) & chr(10) & chr(13) _
            & "And you must use minuscule to inpute,like acct_yjay , please input again."& chr(10) & chr(13) _
            & "同时请务必使用小写来输入,比如 acct_yjay, 请再次输入。"

        run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
        'Wscript.echo run8
        oShell.run run8,true
        Wscript.quit
    End If

    ' -------------------------
    ' Authenticate User
    ' -------------------------

    Const ADS_SECURE_AUTHENTICATION = 1
    Const ADS_USE_ENCRYPTION = 2

    strPath = "OU=Suzhou,dc=amd,dc=com"

    Set root = GetObject("LDAP:")
    ' The flags are bit values, so they are combined with Or (1 And 2 evaluates to 0).
    ' ADS_USE_ENCRYPTION needs a DC that accepts LDAP over SSL.
    Set objOU = root.OpenDSObject("LDAP://SSUZDC3/" & strPath, strUser, strPassword, _
        ADS_USE_ENCRYPTION Or ADS_SECURE_AUTHENTICATION)

    SuzDN = objOU.distinguishedName
    If err = 424 then
        Wscript.echo "" _
            & "Logon failure: unknown user name or bad password, please input again." & chr(10) & chr(13) & chr(10) & chr(13) _
            & "登录失败,错误的用户名或者密码,请再次输入。"

        run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
        'Wscript.echo run8
        oShell.run run8,true
        wscript.quit
    ElseIf err <> 0 Then
        Wscript.echo "" _
            & "failed,please contack with Mike Yang (37890)" & chr(10) & chr(13) & chr(10) & chr(13) _
            & "失败,请了联系 杨向群(37890)"

        run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
        'Wscript.echo run8
        oShell.run run8,true
        Wscript.quit

    End If

    ' ###########################################################################
    ' Define
    ' ###########################################################################
    ' -------------------------
    ' Define
    ' -------------------------

    ' Dim for open folder
    Const WINDOW_HANDLE = 0
    Const OPTIONS = 0

    strPath = "\\Ssuzfile22\helpdesk$\JoinDomain\amd.com"

    ' Dim auth
    'strUser = "amd\xxxxx"
    'strPassword = "xxxxx"

    ' Get ComputerName
    Set objNetwork = CreateObject("WScript.Network")
    strComputer = objNetwork.ComputerName
    UserDomain = objNetwork.userdomain
    UserName = objNetwork.username

    LogonName = UserDomain & "\" & UserName
    'Wscript.Echo LogonName

    ' ------------------------------
    ' Check if is it in the domain
    ' ------------------------------
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

    'Set colItems = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
    'For Each objItem in colItems
    ' DomainName = objItem.domain
    'Next

    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
    Set colComputer = objWMI.ExecQuery("select DomainRole from win32_computersystem",,48)
    For Each objComputer in colComputer
        role = objComputer.DomainRole
    Next

    'Wscript.echo role

    ' ###########################################################################
    ' Rename computer in the domain when it is in the domain
    ' ###########################################################################

    ' -------------------------------------
    ' role = 0 or 2 is standlone computer
    ' -------------------------------------
    ' If the computer is in the domain
    If role <> 0 and role <> 2 Then

        ' -------------------------------------
        ' search AD to find the account
        ' -------------------------------------
        Set objConnection = CreateObject("ADODB.Connection")
        Set objCommand =   CreateObject("ADODB.Command")
        objConnection.Provider = "ADsDSOObject"

        objConnection.Properties("User ID") = strUser
        objConnection.Properties("Password") = strPassword
        objConnection.Properties("Encrypt Password") = True

        objConnection.Open "Active Directory Provider"
        Set objCommand.ActiveConnection = objConnection

        objCommand.Properties("Page Size") = 1000

        objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
            "(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
            "distinguishedName,name;Subtree"
        Set objRecordSet = objCommand.Execute
        SerTempDN = objRecordSet.Fields("distinguishedName").Value

        ' -------------------------------------
        ' If the account is lost in the AD
        ' -------------------------------------
        If err <> 0 Then
            err.clear
            Wscript.echo "" _
                & "The computer is in the domain, but seems it has lost the account in the AD, " & chr(10) & chr(13) _
                & "此计算机在域中, 但是似乎在活动目录中丢失了对应的帐号。 " & chr(10) & chr(13) & chr(10) & chr(13) _
                & "Please unjoin it from domain manually, then run the tool again." & chr(10) & chr(13) _
                & "请手动将此计算机退出域,然后再次运行此工具。"
            Wscript.quit
        End If

        ' -------------------------------------
        ' Check the logon account
        ' -------------------------------------
        adminxxx = Left(LogonName,10)
        'Wscript.echo adminxxx

        acctxxx =  Left(LogonName,9)
        'Wscript.echo acctxxx

        If adminxxx <> "AMD\admin_" and acctxxx <> "AMD\acct_" Then
            intAnswer = Msgbox( "" _
                & "The computer is in the domain, to rename computer in the AD,you must logon as amd/acct_xxx or amd/admin_xxx ," & chr(10) & chr(13) _
                & "此计算机已经在域中,如果你要直接在域中重命名它,你必须用acct或者admin帐号来登录到Windows。" & chr(10) & chr(13) & chr(10) & chr(13) _
                & "Currently you are NOT logon as amd/acct_xxx or amd/admin_xxx, so could you log off now?" & chr(10) & chr(13) _
                & "当前您没有用这类帐号来登录,你需要现在注销计算机吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
                & "If you click No, the script will quit!"& chr(10) & chr(13) _
                & "如果您点击NO,此工具将退出。", vbYesNo, "Check logon account")

            If intAnswer = vbNo Then
                Wscript.quit

            Else
                Const LOG_OFF = 0
                Const FORCED_LOG_OFF = 4

                Set objWMIService = GetObject("winmgmts:" _
                    & "{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer & "\root\cimv2")
                Set colOperatingSystems = objWMIService.ExecQuery _
                    ("Select * from Win32_OperatingSystem")
                For Each objOperatingSystem in colOperatingSystems
                    ObjOperatingSystem.Win32Shutdown(FORCED_LOG_OFF)
                Next

                Wscript.quit
            End If

        End If

        ' -------------------------------------
        ' Check UAC
        ' -------------------------------------
        Const HKEY_LOCAL_MACHINE = &H80000002
        Set StdOut = WScript.StdOut
        Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
            strComputer & "\root\default:StdRegProv")

        dwKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
        dwValueName = "EnableLUA"
        oReg.GetDWORDValue HKEY_LOCAL_MACHINE,dwKeyPath,dwValueName,dwValue
        UAC = dwValue
        'Wscript.echo UAC

        If UAC = 1 Then
            Wscript.echo "" _
                & "The computer is in the domain and its OS is Windows Vista. At present, UAC has been ENABLED!! " & chr(10) & chr(13) _
                & "此计算机已经在域中,其操作系统是Windows Vista,UAC 设置是启用的!! " & chr(10) & chr(13) & chr(10) & chr(13) _
                & "So if you want to directly rename it in the domain, please Disable UAC first and then run the tool again. Click OK to quit the tool." & chr(10) & chr(13) _
                & "如果你需要直接在域中重命名此计算机,请先禁用UAC,然后再次运行此工具。点击 OK 退出此工具。"
            Wscript.quit
        End if

        ' -------------------------------------
        ' Prompt input new computer name
        ' -------------------------------------
        intAnswer = Msgbox("" _
            & "The computer is in the domain and you has logon as amd/acct_xxx or amd/admin_xxx, " & chr(10) & chr(13) _
            & "此计算机已经在域中同时您已经使用acct或admin帐号登录Windows。 " & chr(10) & chr(13) & chr(10) & chr(13) _
            & "Do you want to rename it in the domain? If you click No, the tool will quit!" & chr(10) & chr(13) _
            & "你要重命名此计算机吗?如果您点击 NO,将退出此工具。" , vbYesNo, "Do you want to rename it?")

        If intAnswer = vbNo Then
            Wscript.quit

        Else
            ' ------------------------------
            ' Check input
            ' ------------------------------
            kk = 1
            do until kk = 0
                kk = 0
                InputNewComName = inputBox("" _
                    & "Currently, the computer's name is  " & strComputer & chr(10) & chr(13) _
                    & "当前的计算机名是 " & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
                    & "Please input your new Computer Name and click OK . Click  Cancel  to quit the tool." & chr(10) & chr(13) _
                    & "请输入新的计算机名并点击 OK 。点击 Cancle 退出此工具。" & chr(10) & chr(13)& chr(10) & chr(13) )

                ' ------------------------------
                ' If no input
                ' ------------------------------
                If InputNewComName = "" Then
                    Wscript.quit
                End If

                If Len(InputNewComName) > 15 Then
                    Wscript.Echo "" _
                        & "Your input is error, please fill in less than 15 characters" & chr(10) & chr(13) & chr(10) & chr(13) _
                        & "您的输入有误,计算机名不能多于15个字符。"
                    kk = 1

                Else
                    Set objConnection = CreateObject("ADODB.Connection")
                    Set objCommand =   CreateObject("ADODB.Command")
                    objConnection.Provider = "ADsDSOObject"

                    objConnection.Properties("User ID") = strUser
                    objConnection.Properties("Password") = strPassword
                    objConnection.Properties("Encrypt Password") = True

                    objConnection.Open "Active Directory Provider"
                    Set objCommand.ActiveConnection = objConnection

                    objCommand.Properties("Page Size") = 1000

                    objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
                        "(&(objectCategory=computer)(objectClass=user)(Name=" & InputNewComName & "));" & _
                        "distinguishedName,name;Subtree"
                    Set objRecordSet = objCommand.Execute
                    SerDN = objRecordSet.Fields("distinguishedName").Value
                    If err = 0 Then
                        intAnswer = Msgbox("" _
                            & "The new computer name your input has exsited in the AD, Do you want to delete it first?" & chr(10) & chr(13) _
                            & "您输入的新计算机名在活动目录中已经存在,您想要在域中删除此帐号吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
                            & "If you want to change another name please click No ." & chr(10) & chr(13) _
                            & "如果您需要重新输入新的计算机名,请点击 NO ", vbYesNo, "Delete the computer account")

                        If intAnswer = vbNo Then
                            kk = 1
                        Else

                            Set root = GetObject("LDAP:")
                            Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & SerDN, strUser, strPassword, 200)
                            objComputer.DeleteObject(0)

                            If err<>0 Then
                                err.clear
                                Wscript.Echo "" _
                                    & "Delete computer is failed, the script will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
                                    & "删除帐号失败,此脚本将退出。"
                                Wscript.quit
                            Else
                                Wscript.Echo "" _
                                    & "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
                                    & "删除帐号成功,请点击 OK 继续。"
                            End If

                        End If
                    Else

                        err.clear

                    End If
                End If
            Loop

            ' ------------------------------
            ' Rename
            ' ------------------------------
            Set objWMIService = GetObject("Winmgmts:root\cimv2")

            For Each objComputer in _
                objWMIService.InstancesOf("Win32_ComputerSystem")
                err = ObjComputer.Rename(InputNewComName)

                If err = 1326 Then
                    Wscript.echo "" _
                        & "bad password" & chr(10) & chr(13) & chr(10) & chr(13) _
                        & "密码错误"
                    Wscript.quit

                ElseIf err = 5 Then
                    Wscript.echo "" _
                        & "Access is denied." & chr(10) & chr(13) & chr(10) & chr(13) _
                        & "拒绝访问。"
                    Wscript.quit
                ElseIf err <> 0 Then
                    Wscript.echo err.number
                    Wscript.quit
                End If

            Next
            err.clear
            ' ------------------------------
            ' Restart
            ' ------------------------------
            Wscript.echo "" _
                & "Rename the computer is successful, Please click OK to restart your computer!" & chr(10) & chr(13) & chr(10) & chr(13) _
                & "重命名计算机成功,请点击 OK 重启您的计算机。"
            run0 = "shutdown -r -f -t 1"
            'Wscript.echo run0
            oShell.run run0,true
            Wscript.quit

        End If
    End If

    ' ###########################################################################
    ' Join into Domain when computer out of domain
    ' ###########################################################################

    ' -------------------------
    ' Connect to file
    ' -------------------------

    'run1 = "net use \\ssuzfile22\helpdesk$ " & strPassword & " /user:" & struser
    'Wscript.echo run1
    'oShell.run run1,true

    ' -------------------------------
    ' Ask user is current accout OK?
    ' -------------------------------
    intAnswer = Msgbox("" _
        & "Your computer's name is " & strComputer & chr(10) & chr(13) _
        & "此计算机的名字是" & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
        & "Please click Yes  --  If you want to join it into domain with the name. " & chr(10) & chr(13) _
        & "请点击 Yes  -- 如果您想用此名称来加入域,  " & chr(10) & chr(13) & chr(10) & chr(13) _
        & "Please click No   --  If you want to rename it first." & chr(10) & chr(13) _
        & "请点击 No   -- 如果您想先重命名它。" & chr(10) & chr(13) & chr(10) & chr(13) _
        & "After rename the computer and restarted, please run the tool again." & chr(10) & chr(13) _
        & "在您重命名以及重新启动计算机后, 请再次运行此工具.", vbYesNo, "Do you like the name?")

    If intAnswer = vbYes Then

        ' -------------------------
        ' Get computer info
        ' -------------------------
        Set objConnection = CreateObject("ADODB.Connection")
        Set objCommand =   CreateObject("ADODB.Command")
        objConnection.Provider = "ADsDSOObject"
        objConnection.Properties("User ID") = strUser
        objConnection.Properties("Password") = strPassword
        objConnection.Properties("Encrypt Password") = True

        objConnection.Open "Active Directory Provider"
        Set objCommand.ActiveConnection = objConnection

        objCommand.Properties("Page Size") = 1000

        objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
            "(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
            "distinguishedName,name;Subtree"
        Set objRecordSet = objCommand.Execute

        strComDN = objRecordSet.Fields("distinguishedName").Value
        'Wscript.echo strComDN

        ' -----------------------------------
        ' Check the computer account in AD
        ' -----------------------------------
        If err=0 Then
            intAnswer = Msgbox("" _
                & "Your Computer is NOT in the domain, but now the computer account is existent in the AD, " & chr(10) & chr(13) _
                & "此计算机不在域中,但是在活动目录中已经存在同名的帐号。 " & chr(10) & chr(13) & chr(10) & chr(13) _
                & "Do you want to delete it first? If you click No, the tool will quit!" & chr(10) & chr(13) _
                & "您想先删除此同名帐号吗?如果您点击 No, 此工具将退出。", vbYesNo, "Delete the computer account")

            If intAnswer = vbYes Then

                Set root = GetObject("LDAP:")
                Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & strComDN, strUser, strPassword, 200)
                objComputer.DeleteObject(0)

                If err<>0 Then
                    err.clear
                    Wscript.Echo "" _
                        & "Delete computer is failed, the tool will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
                        & "删除计算机帐号失败, 此工具将退出."
                    Wscript.quit
                Else

                    Wscript.Echo "" _
                        & "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
                        & "删除计算机帐号成功,请点击 OK 继续下一步。"

                End If
            Else
                Wscript.quit
            End If
        Else
            err.clear
        End If

    Else

        ' ------------------------------
        ' Rename and restart
        ' ------------------------------

        ' ------------------------------
        ' Check input
        ' ------------------------------
        kk = 1
        do until kk = 0
            kk = 0
            InputNewComName = inputBox("" _
                & "Currently, the computer's name is  " & strComputer & chr(10) & chr(13) _
                & "此计算机当前名为  " & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
                & "Please input your new Computer Name and click OK . Click  Cancel  to quit the tool." & chr(10) & chr(13) _
                & "请输入新计算机名,并点击 OK 。点击 Cancel 退出此工具" & chr(10) & chr(13) & chr(10) & chr(13) )

            ' ------------------------------
            ' If no input
            ' ------------------------------
            If InputNewComName = "" Then
                Wscript.quit
            End If

            If Len(InputNewComName) > 15 Then
                Wscript.Echo "" _
                    & "Your input is error, please fill in less than 15 characters." & chr(10) & chr(13) & chr(10) & chr(13) _
                    & "您的输入有误,计算机名不能多于15个字符。"
                kk = 1

            Else
                Set objConnection = CreateObject("ADODB.Connection")
                Set objCommand =   CreateObject("ADODB.Command")
                objConnection.Provider = "ADsDSOObject"
                objConnection.Properties("User ID") = strUser
                objConnection.Properties("Password") = strPassword
                objConnection.Properties("Encrypt Password") = True

                objConnection.Open "Active Directory Provider"
                Set objCommand.ActiveConnection = objConnection

                objCommand.Properties("Page Size") = 1000

                objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
                    "(&(objectCategory=computer)(objectClass=user)(Name=" & InputNewComName & "));" & _
                    "distinguishedName,name;Subtree"
                Set objRecordSet = objCommand.Execute
                strNewDN = objRecordSet.Fields("distinguishedName").Value
                If err = 0 Then
                    intAnswer = Msgbox("" _
                        & "Your input computer account is existent in the AD, Do you want to delete it first? " & chr(10) & chr(13) _
                        & "您输入的计算机帐号在活动目录中已经存在, 您想删除此现有的帐号吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
                        & "If you click No, will try to input another computername!" & chr(10) & chr(13) _
                        & "如果您点击 NO, 您将可以重新输入新的名称。", vbYesNo, "Delete the computer account")

                    If intAnswer = vbYes Then

                        Set root = GetObject("LDAP:")
                        Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & strNewDN, strUser, strPassword, 200)
                        objComputer.DeleteObject(0)

                        If err<>0 Then
                            err.clear
                            Wscript.Echo "" _
                                & "Delete computer is failed, the tool will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
                                & "删除计算机帐号失败, 此工具将退出."
                            Wscript.quit
                        Else

                            Wscript.Echo "" _
                                & "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
                                & "删除计算机帐号成功,请点击 OK 继续下一步。"

                        End If

                    Else
                        kk = 1
                    End If

                End If
            End If

        Loop

        ' ------------------------------
        ' Rename
        ' ------------------------------
        Set objWMIService = GetObject("Winmgmts:root\cimv2")

        For Each objComputer in _
            objWMIService.InstancesOf("Win32_ComputerSystem")
            err = ObjComputer.Rename(InputNewComName)

            If err = 1326 Then
                Wscript.echo "" _
                    & "bad password" & chr(10) & chr(13) & chr(10) & chr(13) _
                    & "密码错误"
                Wscript.quit

            ElseIf err = 5 Then
                Wscript.echo "" _
                    & "Access is denied." & chr(10) & chr(13) & chr(10) & chr(13) _
                    & "拒绝访问。"
                Wscript.quit
            ElseIf err <> 0 Then
                Wscript.echo err.number
                Wscript.quit
            End If

        Next
        err.clear
        ' ------------------------------
        ' Restart
        ' ------------------------------
        Wscript.echo "" _
            & "Rename the computer is successful, Please click OK to restart Your Computer! And run the tool again." & chr(10) & chr(13) & chr(10) & chr(13) _
            & "重命名计算机成功,请点击 OK 重新启动计算机并再次运行此工具。"

        run0 = "shutdown -r -f -t 1"
        'Wscript.echo run0
        oShell.run run0,true
        Wscript.quit

    End If

    ' -------------------------
    ' Select Path
    ' -------------------------
    KK = 1
    Do until kk = 0
        kk = 0

        Set objShell = CreateObject("Shell.Application")
        Set objFolder = objShell.BrowseForFolder _
            (WINDOW_HANDLE, "Select a OU (选择一个OU):", OPTIONS, strPath)

        If objFolder Is Nothing Then
            Wscript.Quit
        End If

        Set objFolderItem = objFolder.Self
        objPath = objFolderItem.Path

        ' -------------------------
        ' Check Path
        ' -------------------------
        If objPath = strPath or objPath = strPath+"\Suzhou" or objPath = strPath+"\Suzhou\Servers" or objPath = strPath+"\Suzhou\Workstations" Then
            'Wscript.Echo "error " & objPath & "Please select again!"

            Wscript.Echo "" _
                & "Error Path, Please select its subdirectory!" & chr(10) & chr(13) & chr(10) & chr(13) _
                & "错误的路径,请重新选择下层目录。"
            KK = 1

        ElseIf objPath = strPath+"\Suzhou\Servers\Physical Servers" Then
            OU = "OU=Physical Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"

        ElseIf objPath = strPath+"\Suzhou\Servers\Virtual DEV Servers" Then
            OU = "OU=Virtual DEV Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"

        ElseIf objPath = strPath+"\Suzhou\Servers\Virtual Infrastructure Servers" Then
            OU = "OU=Virtual Infrastructure Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"

        ElseIf objPath = strPath+"\Suzhou\Workstations\Laptops" Then
            OU = "OU=Laptops,OU=Workstations,OU=Suzhou,DC=amd,DC=com"

        ElseIf objPath = strPath+"\Suzhou\Workstations\PCs" Then
            OU = "OU=PCs,OU=Workstations,OU=Suzhou,DC=amd,DC=com"

        ElseIf objPath = strPath+"\Suzhou\Workstations\Virtual DEVs" Then
            OU = "OU=Virtual DEVs,OU=Workstations,OU=Suzhou,DC=amd,DC=com"

        End If
    Loop

    strOU = """" & OU & """"
    'Wscript.echo OU
    'Wscript.echo strOU

    ' -------------------------
    ' Join Domain
    ' -------------------------
    ' Note: the password is passed on the netdom command line, where process
    ' listings and command-line auditing can record it.
    run3 = "\\ssuzfile22\helpdesk$\JoinDomain\netdom join " & strComputer & " /Domain:amd.com\ssuzdc3" & " /OU:" & strOU & " /userd:" & struser & " /passwordd:" & strPassword
    'Wscript.echo run3
    oShell.run run3,true
    Wscript.sleep 3000

    ' -------------------------
    ' research the account
    ' -------------------------
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand =   CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"

    objConnection.Properties("User ID") = strUser
    objConnection.Properties("Password") = strPassword
    objConnection.Properties("Encrypt Password") = True

    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000
    objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
        "(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
        "distinguishedName,name;Subtree"
    Set objRecordSet = objCommand.Execute

    strTargetDN = objRecordSet.Fields("distinguishedName").Value

    If err<>0 Then
        wscript.echo err
        err.clear
        Wscript.echo "" _
            & "The computer is not be joined into domain, please contact Mike Yang (37890)" & chr(10) & chr(13) & chr(10) & chr(13) _
            & "计算机加入域失败,请联系 杨向群 (37890)"
        Wscript.quit
    End If

    ' -------------------------
    ' Check the target OU
    ' -------------------------
    tDN = "CN=" & strComputer & "," & OU
    'Wscript.echo tDN

    If strTargetDN = tDN Then
        Wscript.echo "" _
            & "The computer has be joined into AMD domain successfully. Please click OK to restart your computer!" & chr(10) & chr(13) & chr(10) & chr(13) _
            & "此计算机成功加入域,请单击 OK 重新启动计算机。"
    Else
        Wscript.echo "" _
            & "The computer has be joined into AMD domain successfully, but seems target OU is error." & chr(10) & chr(13) & chr(10) & chr(13) _
            & "此计算机成功加入域,但是似乎目标OU是错误的,请单击 OK 重新启动计算机。"
    End If

    run4 = "shutdown -r -f -t 1"
    'Wscript.echo run4
    oShell.run run4,true

     

     

    Reposted from http://hi.baidu.com/mikeoldyang/blog/item/1ea1d1d53acc8e09a08bb7c8.html

