查看: 328|回复: 0
打印 上一主题 下一主题




发表于 2008-12-30 11:25:48 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式


您需要 登录 才可以下载或查看,没有帐号?注册

  mcse注:其实这是 按照ADSI(Active Directory Services Interface:活动目录服务接口)写的程序。如果你安装了resource kit,这段代码可以用netcom这条命令进行工作,下面是netcom的一个例子:   NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /ADD   ***********************   '* Start Script   '***********************   Dim sComputerName, sUserOrGroup, sPath, computerContainer, rootDSE, lFlag   Dim secDescriptor, dACL, ACE, oComputer, sPwd      '   '* Declare constants used in defining the default location for the   '* machine account, flags to identify the object as a machine account,   '* and security flags   'Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000   Const UF_ACCOUNTDISABLE = &H2   Const UF_PASSWD_NOTREQD = &H20   Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"   Const ADS_ACETYPE_ACCESS_ALLOWED = 0   Const ADS_ACEFLAG_INHERIT_ACE = 2      '   '* Set the flags on this object to identify it as a machine account   '* and determine the name. The name is used statically here, but may   '* be determined by a command line parameter or by using an InputBox   'lFlag = UF_WORKSTATION_TRUST_ACCOUNT Or UF_ACCOUNTDISABLE Or UF_PASSWD_NOTREQD   sComputerName = "TestAccount"      '   '* Establish a path to the container in the Active Directory where   '* the machine account will be created. In this example, this will   '* automatically locate a domain controller for the domain, read the   '* domain name, and bind to the default "Computers" container   '*********************************************************************      Set rootDSE = GetObject("LDAP://RootDSE")   sPath = "LDAP://"   Set computerContainer = GetObject(sPath)   sPath = "LDAP://" & computerContainer.Get("distinguishedName")   Set computerContainer = GetObject(sPath)      ''* Here, the computer account is created. Certain attributes must   '* have a value before calling .SetInfo to commit (write) the object   '* to the Active Directory   'Set oComputer = computerContainer.Create("computer", "CN=" & sComputerName)   oComputer.Put "samAccountName", sComputerName "$"   oComputer.Put "userAccountControl", lFlag   oComputer.SetInfo      '   '* Establish a default password for the machine account   'sPwd = sComputerName & "$"   sPwd = LCase(sPwd)   oComputer.SetPassword sPwd      ''* Specify which user or group may activate/join this computer to the   '* domain. In this example, "MYDOMAIN" is the domain name and   '* "JoeSmith" is the account being given the permission. Note that   '* this is the downlevel naming convention used in this example.   'sUserOrGroup = "MYDOMAIN\joesmith"      ''* Bind to the Discretionary ACL on the newly created computer account   '* and create an Access Control Entry (ACE) that gives the specified   '* user or group full control on the machine account   'Set secDescriptor = oComputer.Get("ntSecurityDescriptor")   Set dACL = secDescriptor.DiscretionaryAcl   Set ACE = CreateObject("AccessControlEntry")      '   '* An AccessMask of "-1" grants Full Control   '   ACE.AccessMask = -1   ACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED   ACE.AceFlags = ADS_ACEFLAG_INHERIT_ACE      ''* Grant this control to the user or group specified earlier.   'ACE.Trustee = sUserOrGroup      '   '* Now, add this ACE to the DACL on the machine account   'dACL.AddAce ACE   secDescriptor.DiscretionaryAcl = dACL      '   '* Commit (write) the security changes to the machine account   'oComputer.Put "ntSecurityDescriptor", Array(secDescriptor)   oComputer.SetInfo      ''* Once all parameters and permissions have been set, enable the   '* account.   '   oComputer.AccountDisabled = False   oComputer.SetInfo      ''* Create an Access Control Entry (ACE) that gives the specified user   '* or group full control on the machine account   'wscript.echo "The command completed successfully."      '*****************   '* End Script   '*****************       <
您需要登录后才可以回帖 登录 | 注册


快速回复 返回顶部 返回列表