|
|
|||||||
Hi all, at first, sorry for my bad english and if the question already asked. I'm trying to make a script that add computer to ad group (security, distribution, global). All the example I found are for user. So is there a way to do what i want? |
||||||||
|
|
|||||||
Get NETDOM from Microsoft and then script what you want with it. There are some UDFs here but not sure they're as complete as you need for what you're wanting to do but they might be. Search in the UDF forum. |
||||||||
|
|
|||||||
Originally Posted By: NTDOC Get NETDOM from Microsoft and then script what you want with it. There are some UDFs here but not sure they're as complete as you need for what you're wanting to do but they might be. Search in the UDF forum. Would you stop suggesting NETDOM :P Try here: ADSI Computer Essentials |
||||||||
|
|
|||||||
Originally Posted By: apronk Nope, LOL NETDOM has gone through extensive testing and has a hundred more options/features then your script Now maybe some day you'll get time to match NETDOM in script format so I'll still have to at least suggest it. For quickie your code should work though I suppose. |
||||||||
|
|
|||||||
I'm not comparing NetDom to my scripts Just saying that anything NETDOM does can be done trough LDAP/WinNT Scripting. |
||||||||
|
|
|||||||
so at first thanks for your answer... Can I consider that a workstation is like a user? I want to say that I find a lot of add user group but never a add computer group? |
||||||||
|
|
|||||||
No, there is a distinct difference between a user and a computer account. There is no Computer Group, nor can one be created, a computer account cannot be a member of a group. |
||||||||
|
|
|||||||
Originally Posted By: apronk ...a computer account cannot be a member of a group. I create groups for computers and add computers as members. |
||||||||
|
|
|||||||
Originally Posted By: Les Originally Posted By: apronk ...a computer account cannot be a member of a group. I create groups for computers and add computers as members. I stand corrected, I never needed to Just checked if it could. One of the downsides of only scripting your AD |
||||||||
|
|
|||||||
Erhm, there's two kinds of accounts - user and computer with different things in 'em of course - and then there's groups, that can contain accounts :). Shouldn't be a biggie to add a computer instead of user scriptwise. Am I wrong? Code: ;accountname = computer or user ;groupname = name of group to add account to $ldap = GetObject("LDAP://OU=SomeSubOU,OU=SomeOU,DC=SomeDomain,DC=SomeDomainExtention") $ldap.Add("[accountname]","[groupname]") Just 'translated' from vbs; Code: $strDomain="Workgroup" $strComp="jdoe" $strGroupName ="Administrators" $oDomain = GetObject("WinNT://" + $strDomain) $oGroup = $oDomain.GetObject("Group", $strGroupName) $oGroup.Add ("WinNT://" + $strDomain + "/" + $strComp) |
||||||||
|
|
|||||||
Nope, works exactly the same as adding users to groups. |
||||||||
|
|
|||||||
Think i 'fixed' my snippet, could you perhaps verify? |
||||||||
|
|
|||||||
Does this work for anyone else? Code: $strDomain="Workgroup" $strComp="jdoe" $strGroupName ="Administrators" $oDomain = GetObject("WinNT://" + $strDomain) $oGroup = $oDomain.GetObject("Group", $strGroupName) $oGroup.Add ("WinNT://" + $strDomain + "/" + $strComp) Quote: 0009] Encountered: COM exception error "Add" ((null) - (null)) [-2147352567/8002 I also get the same error when using the GroupAdd() udf. |
||||||||
|
|
|||||||
Can anyone verify this for me please? |
||||||||
|
|
|||||||
Is there anyone that could help me out here? I'm not able to add a computer to a domain group with the posted code. I'm not sure what would need to change or if it's even possible? Any ideas? |
||||||||
|
|
|||||||
Well can't promise but if I get time today I'll try to test out some code for you. What exactly are you trying to do? Place a single computer into a Active Directory group? Is the computer already a member of the Domain or you're adding it to the Domain as well? |
||||||||
|
|
|||||||
Thanks NTDOC...I plan on using islaptop() or a GPO wmi filter to determine if the current computer is a laptop and add the computer account to a domain group. The computers are already members of the domain so I'm not trying to do anything other than the above. |
||||||||
|
|
|||||||
When You are working on AD objects using WinNT the names are NT4 names, so the name for a computer named JDOE will be JDOE$. The code for Adding computer JDOE to a group would be: Code: $strDomain="Workgroup" $strComp="jdoe$$" $strGroupName ="Administrators" $oDomain = GetObject("WinNT://" + $strDomain) $oGroup = $oDomain.GetObject("Group", $strGroupName) $oGroup.Add ("WinNT://" + $strDomain + "/" + $strComp) -Erik |
||||||||
|
|
|||||||
That's IT! Thank you so much! |