Finally, I have found a solution to access the ADS on a computer which does not yet belong to a domain. The problem was that a command like $MyOU = GetObject( "LDAP://.... ) will use the login credentials of the currently signed-on user. As long as the computer does not belong to a domain, the command above cannot be used. To solve that problem, it is necessary to provide a valid account and the domain controller. The script below shows how to add a new computer to ADS when the computer where the script is running does not yet belong to a domain.
code:
; Set the login credentials
$sUser = "Administrator"
$sPassword = "password"

; Set the domain controller and the proper context
$sDomain = "domaincontroller"
$sContainer = "OU=Clients"

; Connect to ADS with the provided login credentials
; (last argument 1 = ADS_SECURE_AUTHENTICATION)
$oProvider = GetObject("LDAP:")
$rootDSE = $oProvider.OpenDSObject("LDAP://" + $sDomain + "/RootDSE", $sUser, $sPassword, 1)

; Build the proper path, and get the OU where the machine should be created
$sPath = "LDAP://" + $sDomain + "/" + $sContainer + ","
$sPath = $sPath + $rootDSE.Get("defaultNamingContext")
$MyOU = $oProvider.OpenDSObject($sPath, $sUser, $sPassword, 1)

IF NOT $MyOU = 0
    $MachineObj = $MyOU.Create("computer", "CN=NewPC")
    IF NOT $MachineObj = 0
        ; Set mandatory properties and save object
        $MachineObj.samAccountName = "NewPC"
        $MachineObj.SetInfo
        ; Activate the computer account
        $MachineObj.AccountDisabled = False
        $MachineObj.SetInfo
        ; Print the result of the last SetInfo
        ? @ERROR
        ?
        ? @SERROR
    ELSE
        ; Creating the computer object failed
        ? @ERROR
        ?
        ? @SERROR
    ENDIF
ELSE
    ; Binding to the OU failed
    ? @ERROR
    ?
    ? @SERROR
ENDIF
I still have a problem when I would like to access ADS through an ADO provider when the machine does not yet belong to a domain. If someone has an idea how to provide the domain controller information, please let me know. Thanks
Cheers,
Joerg
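
For the ADO question in the post above, an added example (not part of Joerg's post and not his code): the ADSI OLE DB provider takes the account through the connection's "User ID", "Password" and "ADSI Flag" properties, and the domain controller is named in the search base. The account, password and server values are the post's placeholders; the filter and attribute list are assumptions chosen for illustration.

```kixtart
; Added example: ADO search against a named DC with explicit credentials.
; Placeholder values, same as in the post above; replace before use.
$sUser     = "Administrator"
$sPassword = "password"
$sDomain   = "domaincontroller"

; Read the naming context through OpenDSObject, as in the post.
; 1 = ADS_SECURE_AUTHENTICATION (negotiated bind instead of a simple bind)
$oProvider = GetObject("LDAP:")
$rootDSE = $oProvider.OpenDSObject("LDAP://" + $sDomain + "/RootDSE", $sUser, $sPassword, 1)
If @ERROR
    ? "RootDSE bind failed: " + @ERROR + " " + @SERROR
    Exit 1
EndIf
$sBase = $rootDSE.Get("defaultNamingContext")

; Hand the same credentials to the ADSI OLE DB provider
$oConn = CreateObject("ADODB.Connection")
$oConn.Provider = "ADsDSOObject"
$oConn.Properties("User ID").Value   = $sUser
$oConn.Properties("Password").Value  = $sPassword
$oConn.Properties("ADSI Flag").Value = 1   ; ADS_SECURE_AUTHENTICATION
$oConn.Open("Active Directory Provider")
If @ERROR
    ? "ADO open failed: " + @ERROR + " " + @SERROR
    Exit 1
EndIf

; Naming the server in the search base tells ADSI which DC to contact,
; so no domain membership is needed for server location.
; Query format: <base>;filter;attributes;scope (illustrative filter/attributes)
$sQuery = "<LDAP://" + $sDomain + "/" + $sBase + ">;(objectCategory=computer);cn,distinguishedName;subtree"
$oRS = $oConn.Execute($sQuery)
If @ERROR
    ? "Search failed: " + @ERROR + " " + @SERROR
    Exit 1
EndIf

; Without a page size set, the server's default result limit applies
While Not $oRS.EOF
    ? $oRS.Fields("cn").Value + "   " + $oRS.Fields("distinguishedName").Value
    $oRS.MoveNext
Loop

$oRS.Close
$oConn.Close
```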