Re: Adding and Deleting Domain Computers
- From: "Richard Mueller [MVP]" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 17 Jun 2005 19:59:11 -0500
Hi,
I run scripts at a command prompt with the cscript host. For example:
cscript //nologo JoinComputer.vbs
where //nologo eliminates header information that cscript.exe echoes to the
screen. This command line assumes that the VBScript program
(JoinComputer.vbs) is in the current directory. Otherwise, you would have to
include the path. You could copy the program I linked to your computer and
rename it to *.vbs.
As written, the example has two pieces of information hard coded in the
program. These are the NT name of the group (the trustee to be granted the
permissions) and the Distinguished Name of the computer object. You could
either revise the information in the code, or modify the program to prompt
for the information. The relevant lines are:
' Specify the trustee - group NT name in form "MyDomain\GroupNTName".
strTrustee = "MyDomain\Marketing"
' Bind to the computer object with the LDAP provider.
strComputerDN = "cn=Mrktg23,cn=Computers,dc=MyDomain,dc=com"
To have the program prompt for this information, you could change this to
the following:
' Prompt for the trustee.
' Quotes inside a VBScript string literal must be doubled.
strTrustee = InputBox("Enter the group NT name, in the form ""MyDomain\GroupNTName""")
' Prompt for the computer.
strComputerDN = InputBox("Enter the Distinguished Name of the computer object")
The program can be run by a user with Administrative privileges in the
domain (a member of Domain Admins) who is authenticated in the domain. You
can also grant these permissions in ADUC, on the "Security" tab of the
properties dialog of the computer object - add the trustee, then select the
4 permissions to allow.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--
"Ken" <Ken@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1B876787-2211-47F6-8252-7BD949E5AF51@xxxxxxxxxxxxxxxx
> This looks like what I need. How do I execute the VB script from within the
> Domain?
>
> "Richard Mueller [MVP]" wrote:
>
> > Ken wrote:
> >
> > > I want to be able to let our IT Analyst add and remove computers from our
> > > network but I don't want them to have Administrator rights. I tried using
> > > the delegate control to let the particular group have full control of the
> > > computer objects but when I log in as a user with those rights it's still
> > > grayed out. Does anyone have a way to allow this to happen without giving
> > > the Domain Admin Rights?
> >
> > Hi,
> >
> > The permissions required to join a computer to a domain are:
> >
> > Reset Password
> > Validated write to DNS host name
> > Validated write to service principal name
> > Write Account Restrictions
> >
> > I have a sample VBScript program that assigns the necessary rights to a
> > group linked here:
> >
> > http://www.rlmueller.net/JoinComputer.htm
> >
> > --
> > Richard
> > Microsoft MVP Scripting and ADSI
> > Hilltop Lab web site - http://www.rlmueller.net
> > --
> >
> >
> >
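
The delegation discussed in this thread, as an added PowerShell example (not part of the original posts and not the JoinComputer.vbs program linked above): it grants the four listed permissions to a group on one computer object, then reads the DACL back to confirm that each one is present as an explicit ACE. The trustee and Distinguished Name are the sample values from the thread; the GUIDs are the standard Active Directory schema identifiers for these rights and do not appear in the thread. It assumes Windows PowerShell on a domain-joined machine, run by an account allowed to modify the object's permissions.

```powershell
# Sample values from the thread; replace with your own group and computer object.
$trusteeName = 'MyDomain\Marketing'
$computerDN  = 'cn=Mrktg23,cn=Computers,dc=MyDomain,dc=com'

# The four permissions required to join a computer, with their schema GUIDs.
$needed = @(
    @{ Name = 'Reset Password';                            Rights = 'ExtendedRight'; Guid = '00299570-246d-11d0-a768-00aa006e0529' }
    @{ Name = 'Validated write to DNS host name';          Rights = 'Self';          Guid = '72e39547-7b18-11d1-adef-00c04fd8d5cd' }
    @{ Name = 'Validated write to service principal name'; Rights = 'Self';          Guid = 'f3a64788-5306-11d1-a9c5-0000f80367c1' }
    @{ Name = 'Write Account Restrictions';                Rights = 'WriteProperty'; Guid = '4c164200-20c0-11d0-a768-00aa006e0529' }
)

# Resolve the group to a SID so the later comparison does not depend on name format.
$sid = (New-Object System.Security.Principal.NTAccount($trusteeName)).Translate(
    [System.Security.Principal.SecurityIdentifier])
$computer = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$computerDN")

# Add one object-specific Allow ACE per permission, then write the DACL back.
foreach ($p in $needed) {
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]$p.Rights,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [Guid]$p.Guid)
    $computer.psbase.ObjectSecurity.AddAccessRule($rule)
}
$computer.psbase.CommitChanges()

# Verify: re-read the object and list explicit (non-inherited) Allow ACEs for the group.
$computer.psbase.RefreshCache()
$explicit = $computer.psbase.ObjectSecurity.GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $sid.Value -and
                   $_.AccessControlType -eq 'Allow' }

foreach ($p in $needed) {
    $want = [System.DirectoryServices.ActiveDirectoryRights]$p.Rights
    $hit  = $explicit | Where-Object {
        $_.ObjectType -eq [Guid]$p.Guid -and ($_.ActiveDirectoryRights -band $want) }
    '{0,-45} {1}' -f $p.Name, $(if ($hit) { 'granted' } else { 'MISSING' })
}
```

The verification loop can be run on its own against any computer object to check whether a delegated group holds only these four rights rather than Full Control.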