Re: Join computer to a domain

From: Oli Restorick [MVP] (oli_at_mvps.org)
Date: 05/06/04 

Date: Thu, 6 May 2004 19:01:19 +0100

I'm not sure of the script or its effects, but definitely create a new
domain account specifically for domain joins. I would also create a group,
place this account in it and then use the delegation of control wizard to
delgate the right to create and delete computer accounts from the OUs and
containers you want the machines to end up in.

The "Add workstations to the domain" user right is really a legacy thing
and, while you can change the number of machines a regular user can add, I
think zero is a good setting for it.

Hope this helps

Oli

"SA" <nospam@nospam.nospam> wrote in message
news:e5syhR4MEHA.3380@TK2MSFTNGP11.phx.gbl...
> Hi all,
> I want to use this script I found at the script center to speed up the
> process of joing the domain and had a few questions about it:
>
> Should I create a special domain account for this script and where would I
> increase the count of machine added from the default of 10 for this
> machine.
> This script will be run as the local administrator of the machine.
>
> Const JOIN_DOMAIN = 1
> Const ACCT_CREATE = 2
> Const ACCT_DELETE = 4
> Const WIN9X_UPGRADE = 16
> Const DOMAIN_JOIN_IF_JOINED = 32
> Const JOIN_UNSECURE = 64
> Const MACHINE_PASSWORD_PASSED = 128
> Const DEFERRED_SPN_SET = 256
> Const INSTALL_INVOCATION = 262144
> strDomain = "FABRIKAM"
> strPassword = "ls4k5ywA"
> strUser = "shenalan"
> Set objNetwork = CreateObject("WScript.Network")
> strComputer = objNetwork.ComputerName
> Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\"
> &
> _
> strComputer & "\root\cimv2:Win32_ComputerSystem.Name='"
> &
> _
> strComputer & "'")
> ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
> strPassword, _
> strDomain & "\" & strUser,
> _
> NULL, _
> JOIN_DOMAIN + ACCT_CREATE)
>
> Thanks.
> -SA.
>
>

Relevant Pages

  • Re: Logon Scripts over VPN connections
    ... What we do is to have the user cache his domain password on the computer by ... He then logs on to his domain account in order to establish ... log in again exactly as if he were connected to the network. ... However when I try to run a logon script to map ...
    (microsoft.public.scripting.vbscript)
  • Re: Encrypting VB startup script
    ... If all computers are members of the domain, and you have a domain account ... (any domain administrator member by default), you can script this remotely ... need to have access to whatever software you use to encrypt the script so ...
    (microsoft.public.windows.server.active_directory)
  • Re: Disable LPT1 script
    ... using their domain account - even with regular local user permissions, ... command manually from their computers while logged in as them, ... > work in a group policy startup script. ...
    (microsoft.public.win2000.networking)
  • Re: Scheduler "Path not found" err - More info
    ... If you log in as that domain account, can you manually do the things you ... Steve Morgan wrote: ... > being used in my err logs and scheduler is runing the job under the ... > The script tries to connect to 2 locations, ...
    (microsoft.public.scripting.vbscript)
  • Re: IfMember.exe
    ... Testing the script on a administrator user, I got "Regular user", ... You need to add administrators to the ifmember ... A power user: "Admin & Power User" ...
    (microsoft.public.windows.server.scripting)