Re: Small Simple VBscript Problem - Adding Users to Local Group
- From: "script-newb" <ClayTech@xxxxxxxxx>
- Date: 30 Jan 2007 10:44:53 -0800
Thanks a million.
I did not think about a method of not authenticating but still
"stuffing" the ad user in the local group.
This will work great in my situation because the locally logged on
admin account is really a mirror of their ad account just local.
Example:
Remote laptop user uses a local admin account named joeblow and is in
a workgroup.
The above help is part of my full script which when complete will get
deployed via the Altiris Agent, join the pc to the domain, take the
currently logged on username (testmachine\joeblow), separate the
joeblow name out and add mydomain\joeblow user into the local admin
group.
One thing I have not figure out yet is how to get their current local
profile converted/moved to the new domain local profile that they will
be creating/using once they log on via domain.
Thanks again Richard, I am always finding your scripting expertise a
lot of help in my daily tasks.
Clay
On Jan 30, 12:36 pm, "Richard Mueller [MVP]" <rlmueller-
NOS...@xxxxxxxxxxxxxxxxxxxx> wrote:
If you are not authenticated to the domain, you cannot bind to the user
object. I think the net command works because it just stuffs the specified
name in the member attribute of the group object, without binding to the
corresponding domain object, or validating that it is a good name. I
normally bind to the user object, just to make sure I have specified the
object correctly. However, you can add the user to the group without binding
to the object. You can pass the AdsPath of the prospective member to the Add
method of the local group object. I would try:
Set objWshNet = CreateObject("wscript.network")
strComputer = objwshnet.computername
strUser = "Tester"
strDomain = "MyDomain"
strUser = "WinNT://" & strDomain & "/" & strUser
Set ObjAdminGroup = GetObject("WinNT://" & strComputer &
"/administrators,group")
objAdminGroup.Add strUser
This makes more sense to me than hardcoding credentials in the script and
attempting to authenticate to the domain. Also, you might want to test for
membership using the IsMember method of the local group object before adding
the new member. For example:
Set objWshNet = CreateObject("wscript.network")
strComputer = objwshnet.computername
strUser = "Tester"
strDomain = "MyDomain"
strUser = "WinNT://" & strDomain & "/" & strUser
Set ObjAdminGroup = GetObject("WinNT://" & strComputer &
"/administrators,group")
If (ObjAdminGroup.IsMember(strUser) = False) Then
ObjAdminGroup.Add strUser
End If
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site -http://www.rlmueller.net
--
"script-newb" <ClayT...@xxxxxxxxx> wrote in messagenews:1170170628.227016.135570@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks for the help Richard
I can't echo the ObjUser because it is having trouble binding. I tried
running it with a differant local admin of the machine and I get a
"Logon failure: unknown username ...." when it tried to bind to that
particular domain user.
This machine is on the domain but I need to run this while the local
administrator is signed on to the local machine before I can have any
users sign into the domain with this machine.
I am only going to try a few more things before i just use the net
localgroup command within my script.
thanks Again,
Clay
On Jan 29, 10:36 pm, "Richard Mueller [MVP]" <rlmueller-on
NOS...@xxxxxxxxxxxxxxxxxxxx> wrote:
I see no problem in the script. The error sounds like it could be raised
whyline 5 if the user is not authenticated to the domain. I see no reason
not aanyone should not be able to bind to the local group, even if they are
usermember of the local Administrators group. I would echo the name of the
successful.after binding to the domain user object, to make sure that was
Wscript.Echo ObjUser.Name
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site -http://www.rlmueller.net
--
"script-newb" <ClayT...@xxxxxxxxx> wrote inmessagenews:1170107962.907274.63420@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
All,
I hope I am just over looking something but I am having trouble
getting this simple vbscript to work.
A locally logged on user part of the local admin group can run this
command line just fine
net localgroup administrators MyDomain\Tester /add
Why can't he run this vbscript which does the same thing?
1. Set objWshNet = CreateObject("wscript.network")
2. strComputer = objwshnet.computername
3. strUser = "Tester"
4. strDomain = "MyDomain"
5. Set ObjUser = GetObject("WinNT://" & strDomain & "/" & strUser &
",user")
6. Set ObjAdminGroup = GetObject("WinNT://" & strComputer & "/
administrators,group")
7. objAdminGroup.Add ObjUser.ADsPath
Getting error "The user is not allowed to log on from this
workstation" on this line 6.
I can't seem to workaround this. I really would rather run this in
full vbscript rather than using this line inside my vbscript
WshShell.Run "cmd.exe /c net localgroup administrators MyDomain
\Tester /add"
Any advice is appreciated.
Clay- Hide quoted text -- Show quoted text -- Hide quoted text -- Show quoted text -- Hide quoted text -- Show quoted text -
.
- References:
- Small Simple VBscript Problem - Adding Users to Local Group
- From: script-newb
- Re: Small Simple VBscript Problem - Adding Users to Local Group
- From: Richard Mueller [MVP]
- Re: Small Simple VBscript Problem - Adding Users to Local Group
- From: script-newb
- Re: Small Simple VBscript Problem - Adding Users to Local Group
- From: Richard Mueller [MVP]
- Small Simple VBscript Problem - Adding Users to Local Group
- Prev by Date: Re: Delete Computer Account form Active Directroy
- Next by Date: Re: Read text file from a symbol up to a symbol.
- Previous by thread: Re: Small Simple VBscript Problem - Adding Users to Local Group
- Next by thread: Re: Computer Name to the Login ID
- Index(es):
Relevant Pages
|
