(Fresh Scripter)

2007-06-13 09:08 PM

adding computer in groups

Hi all,

at first, sorry for my bad english and if the question already asked.

I'm trying to make a script that add computer to ad group (security, distribution, global).

All the example I found are for user. So is there a way to do what i want?

NTDOC

(KiX Master)

2007-06-13 10:48 PM

Re: adding computer in groups

Get NETDOM from Microsoft and then script what you want with it.

There are some UDFs here but not sure they're as complete as you need for what you're wanting to do but they might be. Search in the UDF forum.

Arend_

(MM club member)

2007-06-14 10:14 AM

Re: adding computer in groups

Originally Posted By: NTDOC

Would you stop suggesting NETDOM :P
Try here: ADSI Computer Essentials

NTDOC

(KiX Master)

2007-06-14 11:10 AM

Re: adding computer in groups

Originally Posted By: apronk

Would you stop suggesting NETDOM :P
Try here: ADSI Computer Essentials

Nope, LOL

NETDOM has gone through extensive testing and has a hundred more options/features then your script $;\)$

Now maybe some day you'll get time to match NETDOM in script format so I'll still have to at least suggest it.

For quickie your code should work though I suppose.

Arend_

(MM club member)

2007-06-14 11:38 AM

Re: adding computer in groups

I'm not comparing NetDom to my scripts $\:\)$
Just saying that anything NETDOM does can be done trough LDAP/WinNT Scripting.

sealover

(Fresh Scripter)

2007-06-14 12:55 PM

Re: adding computer in groups

so at first thanks for your answer...

Can I consider that a workstation is like a user? I want to say that I find a lot of add user group but never a add computer group?

Arend_

(MM club member)

2007-06-14 03:12 PM

Re: adding computer in groups

No, there is a distinct difference between a user and a computer account.
There is no Computer Group, nor can one be created, a computer account cannot be a member of a group.

Les

(KiX Master)

2007-06-14 03:18 PM

Re: adding computer in groups

Originally Posted By: apronk

...a computer account cannot be a member of a group.

Huh?

I create groups for computers and add computers as members.

Arend_

(MM club member)

2007-06-14 03:30 PM

Re: adding computer in groups

Originally Posted By: Les

Originally Posted By: apronk

...a computer account cannot be a member of a group.

Huh?

I create groups for computers and add computers as members.

I stand corrected, I never needed to $\:\)$
Just checked if it could.

One of the downsides of only scripting your AD $\:\)$

Björn

(Korg Regular)

2007-07-05 09:43 AM

Re: adding computer in groups

Erhm, there's two kinds of accounts - user and computer with different things in 'em of course - and then there's groups, that can contain accounts :). Shouldn't be a biggie to add a computer instead of user scriptwise.

Am I wrong?

Code:

;accountname = computer or user
;groupname = name of group to add account to
$ldap = GetObject("LDAP://OU=SomeSubOU,OU=SomeOU,DC=SomeDomain,DC=SomeDomainExtention")
$ldap.Add("[accountname]","[groupname]")

Just 'translated' from vbs;

Code:

$strDomain="Workgroup"
$strComp="jdoe"
$strGroupName ="Administrators"

$oDomain = GetObject("WinNT://" + $strDomain)
$oGroup = $oDomain.GetObject("Group", $strGroupName)
$oGroup.Add ("WinNT://" + $strDomain + "/" + $strComp)

Arend_

(MM club member)

2007-07-05 09:52 AM

Re: adding computer in groups

Nope, works exactly the same as adding users to groups.

Björn

(Korg Regular)

2007-07-05 09:56 AM

Re: adding computer in groups

Think i 'fixed' my snippet, could you perhaps verify? $;\)$

brewdude6

(Hey THIS is FUN)

2007-10-25 12:07 AM

Re: adding computer in groups

Does this work for anyone else?

Code:

$strDomain="Workgroup"
$strComp="jdoe"
$strGroupName ="Administrators"

$oDomain = GetObject("WinNT://" + $strDomain)
$oGroup = $oDomain.GetObject("Group", $strGroupName)
$oGroup.Add ("WinNT://" + $strDomain + "/" + $strComp)

When I try to add a computer to a group I get this error:

Quote:

0009] Encountered: COM exception error "Add" ((null) - (null)) [-2147352567/8002

I also get the same error when using the GroupAdd() udf.

brewdude6

(Hey THIS is FUN)

2007-10-29 01:52 PM

Re: adding computer in groups

Can anyone verify this for me please?

brewdude6

(Hey THIS is FUN)

2007-10-31 05:23 PM

Re: adding computer in groups

Is there anyone that could help me out here? I'm not able to add a computer to a domain group with the posted code. I'm not sure what would need to change or if it's even possible? Any ideas?

NTDOC

(KiX Master)

2007-10-31 06:13 PM

Re: adding computer in groups

Well can't promise but if I get time today I'll try to test out some code for you.

What exactly are you trying to do?

Place a single computer into a Active Directory group?

Is the computer already a member of the Domain or you're adding it to the Domain as well?

brewdude6

(Hey THIS is FUN)

2007-10-31 06:50 PM

Re: adding computer in groups

Thanks NTDOC...I plan on using islaptop() or a GPO wmi filter to determine if the current computer is a laptop and add the computer account to a domain group.

The computers are already members of the domain so I'm not trying to do anything other than the above.

kholm

(Korg Regular)

2007-10-31 06:52 PM

Re: adding computer in groups

When You are working on AD objects using WinNT the names are NT4 names, so the name for a computer named JDOE will be JDOE$.
The code for Adding computer JDOE to a group would be:

Code:

$strDomain="Workgroup"
$strComp="jdoe$$"
$strGroupName ="Administrators"

$oDomain = GetObject("WinNT://" + $strDomain)
$oGroup = $oDomain.GetObject("Group", $strGroupName)
$oGroup.Add ("WinNT://" + $strDomain + "/" + $strComp)

-Erik

brewdude6

(Hey THIS is FUN)

2007-10-31 06:56 PM

Re: adding computer in groups

That's IT! Thank you so much!