change computer account password Active directory

change computer account password Active directory

Twee belangrijke zaken om rekening mee te houden voor de uitvoer:
1.    De admin user wordt opgegeven op basis van de DisplayName (de CN van het gebruikersobject); bevat deze spaties, gebruik dan aanhalingstekens "…".
2.    Het script gebruikt de default containers voor zowel de admin user als het aan te maken computerobject in de AD (CN=Users respectievelijk CN=Computers onder de domeinroot); zorg dat de admin gebruiker in CN=Users staat.
Start nu een elevated cmd:
Cd c:\temp
C:\temp> CreateComputerAccount.vbs <nieuwe computer account> <pwd account> <FQDN> <Domeincontroller> <Admin user> <admin user pwd>
Security advies:
- Het admin-wachtwoord en het wachtwoord van het nieuwe computeraccount worden als commandoregelargumenten meegegeven en zijn daardoor zichtbaar in de command history en in process listings zolang het script draait. Gebruik hiervoor een apart account met alleen het recht om computerobjecten aan te maken in de doelcontainer, niet een Domain Admin account.
- De OpenDSObject-aanroep in het gepubliceerde script gebruikt authenticatieflag 0 (LDAP simple bind): het admin-wachtwoord gaat dan onversleuteld over het netwerk tenzij LDAPS wordt gebruikt. Gebruik ADS_SECURE_AUTHENTICATION (eventueel gecombineerd met signing en sealing), dan wordt er via Kerberos/NTLM aangemeld.
- NTLM-aanpassingen in de lokale security policy's op de DC (bv. auditing en NTLMv2):
http://technet.microsoft.com/en-us/library/jj865668(v=ws.10).aspx

'CreateComputerAccount.vbs
'Create a Computer account in Active Directory, set its password and
'echo the principal name and DNS domain name in a # separated list
'("SUCCESS#<PrincipalName>#<DnsDomain>#"). This modified version expects
'exactly six positional arguments:
'  <Name> <Password> <DnsDomain> <DomainController> <AdminUser> <AdminPassword>
'If an empty password is supplied, a random password will be set; note that
'this version does not echo the password, so a randomly generated one cannot
'be used for a subsequent domain join. The account is always created in the
'default Computers container (such as CN=Computers,DC=example,DC=com). If an
'error occurs, the hex error code and possibly error text will be returned as
'"Error <HexCode>|<ErrorText>||".

‘Option Explicit
‘On Error Resume Next

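' --- Argument handling -----------------------------------------------------
' This version takes exactly six positional arguments; the /p and /c switches
' of the original script are no longer parsed, so the old usage text was wrong.
' NOTE: both passwords are read from the command line and are therefore visible
' in the shell history and in process listings while the script runs.
Dim strContainer, strName, strPassword, strDnsDomain, strDomainController, strDomainAdminUser, strDomainAdminPwd
Dim objContainer, objComputer, objRootDSE

' Limits applied to <Name>: a NetBIOS computer name is at most 15 characters,
' and the characters listed are not allowed in sAMAccountName. They would also
' change the meaning of the "CN=" & strName distinguished name built later.
Const MAX_COMPUTER_NAME_LEN = 15
Const INVALID_NAME_CHARS = """/\[]:;|=,+*?<>"

' True when candidate is 1..MAX_COMPUTER_NAME_LEN characters long and contains
' none of INVALID_NAME_CHARS.
Function IsValidComputerName(candidate)
    Dim i
    IsValidComputerName = False
    If Len(candidate) = 0 Or Len(candidate) > MAX_COMPUTER_NAME_LEN Then Exit Function
    For i = 1 To Len(INVALID_NAME_CHARS)
        If InStr(candidate, Mid(INVALID_NAME_CHARS, i, 1)) > 0 Then Exit Function
    Next
    IsValidComputerName = True
End Function

strContainer = ""
strName = ""
strPassword = ""
strDnsDomain = ""

If WScript.Arguments.Count <> 6 Then
    WScript.Echo "Error : Usage: CreateComputerAccount.vbs <Name> <Password> <DnsDomain> <DomainController> <AdminUser> <AdminPassword>"
    WScript.Echo "Output: SUCCESS#<PrincipalName>#<DnsDomain>#  or  Error <HexCode>|<ErrorText>||"
    ' Exit non-zero so a calling batch file can detect the failure
    ' (the original quit with exit code 0 here).
    WScript.Quit 2
End If

strName = WScript.Arguments(0)
strPassword = WScript.Arguments(1)
strDnsDomain = WScript.Arguments(2)
strDomainController = WScript.Arguments(3)
strDomainAdminUser = WScript.Arguments(4)
strDomainAdminPwd = WScript.Arguments(5)
' Always the default Computers container in this version (see the RootDSE
' lookup further down).
strContainer = ""

If Not IsValidComputerName(strName) Then
    WScript.Echo "Error : <Name> must be 1-" & MAX_COMPUTER_NAME_LEN & " characters and may not contain " & INVALID_NAME_CHARS
    WScript.Quit 2
End If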

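' Convert a distinguished name in RFC 1779 form (e.g. "CN=Computers,DC=example,DC=com")
' into the DNS name of its domain ("example.com").
' Uses IADsNameTranslate initialised against a global catalog: the canonical
' form it returns looks like "example.com/Computers/...", so everything before
' the first "/" is the DNS domain.
' Returns the canonical string unchanged when it contains no "/" (the original
' code used an en-dash instead of a minus and would have called Mid with a
' negative length in that case).
' Note: the bind runs as the user executing the script, not as the admin
' account passed on the command line.
Function TranslateDnToDnsDomain(dn)
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_1779 = 1
    Const ADS_NAME_TYPE_CANONICAL = 2
    Dim objTrans, strCanon, slashPos

    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    objTrans.Set ADS_NAME_TYPE_1779, dn
    strCanon = objTrans.Get(ADS_NAME_TYPE_CANONICAL)

    slashPos = InStr(strCanon, "/")
    If slashPos > 0 Then
        strCanon = Left(strCanon, slashPos - 1)
    End If

    TranslateDnToDnsDomain = strCanon
End Function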
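' Decide which container the account goes in and which DNS domain it belongs to.
' NOTE: strContainer is always "" after argument parsing, so the first branch is
' never taken in this version (and if it were, objRootDSE would stay unset and
' the later objRootDSE.Get call would fail). With the required <FQDN> argument
' the second branch runs and binds to RootDSE on the given domain controller.
' Both RootDSE binds use GetObject, i.e. the credentials of the user running
' the script, not the admin account passed on the command line.
If strContainer <> "" Then
    strDnsDomain = TranslateDnToDnsDomain(strContainer)
ElseIf strDnsDomain <> "" Then
    Set objRootDSE = GetObject("LDAP://" & strDomainController & "/RootDSE")
    strContainer = "CN=Computers," & objRootDSE.Get("DefaultNamingContext")
Else
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strContainer = "CN=Computers," & objRootDSE.Get("DefaultNamingContext")
    strDnsDomain = TranslateDnToDnsDomain(strContainer)
End If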

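' Build a pseudo-random password of pn characters.
' Positions cycle in groups of eight: indexes 0-3 are lowercase letters, index 4
' is a symbol and indexes 5-7 are digits (visually ambiguous characters such as
' i, l, o, 0 and 1 are left out of the alphabets). Returns "" for pn <= 0.
' The original decremented pn in place; VBScript passes arguments ByRef by
' default, so a caller passing a variable would have seen it change. This
' version leaves the argument untouched.
'
' SECURITY WARNING: VBScript's Rnd is not a cryptographic generator and
' Randomize seeds it from the system timer, so the set of reachable outputs is
' small regardless of pn, and the fixed class pattern shrinks the space further
' (for pn = 8: 23^4 * 6 * 8^3, under 2^30 combinations). Do not rely on this for
' a computer account password that must resist guessing; generate the password
' with a CSPRNG outside this script and pass it as <Password>.
Function RandPass(pn)
    Dim lower, digits, symbols, pool, result, pos, pick

    lower = "abcdefghjkmnpqrstuvwxyz"
    digits = "23456789"
    symbols = "~$^-+."
    result = ""

    Randomize

    For pos = 0 To pn - 1
        Select Case pos Mod 8
            Case 4
                pool = symbols
            Case 5, 6, 7
                pool = digits
            Case Else
                pool = lower
        End Select
        pick = Int(Rnd() * Len(pool))
        result = result & Mid(pool, pick + 1, 1)
    Next

    RandPass = result
End Function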

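' --- Main ------------------------------------------------------------------
' Turn on inline error handling here: the header has On Error Resume Next
' commented out, which made every "If Err.Number = 0" check below dead code
' (a runtime error would abort the script before reaching them).
On Error Resume Next

' IADsOpenDSObject authentication flags
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_SIGNING = 64
Const ADS_USE_SEALING = 128
' userAccountControl bits
Const UF_PASSWD_NOTREQD = 32
Const UF_WORKSTATION_TRUST_ACCOUNT = 4096

If strPassword = "" Then
    ' NOTE: the generated password is never written to the output, so an
    ' account created on this path cannot be joined afterwards (see RandPass
    ' for why the generator is weak anyway).
    strPassword = RandPass(8)
End If

Dim strUsername, objNamespaceLDAP, strDefaultNC
Dim subStrings, tmp, cnt, cnt1

strDefaultNC = objRootDSE.Get("DefaultNamingContext")
' The admin account is looked up by its CN (DisplayName) in the default Users
' container, as documented at the top of the page.
strUsername = "cn=" & strDomainAdminUser & ",cn=Users," & strDefaultNC

' Derive the DNS domain name from the naming context:
' "DC=example,DC=com" -> ["", "example", "com"] -> "example.com".
subStrings = Split("," & strDefaultNC, ",DC=")
tmp = ""
cnt1 = UBound(subStrings)
For cnt = 1 To cnt1
    tmp = tmp & subStrings(cnt)
    If cnt <> cnt1 Then tmp = tmp & "."
Next

If Err.Number = 0 Then
    ' The original passed authentication flag 0, which is an LDAP simple bind:
    ' the admin password crosses the network in cleartext unless LDAPS is in
    ' use. ADS_SECURE_AUTHENTICATION negotiates Kerberos/NTLM instead (this is
    ' where the NTLMv2/auditing advice on this page applies); signing and
    ' sealing protect the rest of the session.
    ' NOTE(review): the user name is still passed as a DN; confirm that secure
    ' authentication accepts it in your environment, otherwise use
    ' "DOMAIN\user" or a UPN.
    Set objNamespaceLDAP = GetObject("LDAP:")
    Set objContainer = objNamespaceLDAP.OpenDSObject("LDAP://" & strDomainController & "/" & strContainer, _
        strUsername, strDomainAdminPwd, ADS_SECURE_AUTHENTICATION Or ADS_USE_SIGNING Or ADS_USE_SEALING)
End If

If Err.Number = 0 Then
    Set objComputer = objContainer.Create("Computer", "CN=" & strName)
End If

If Err.Number = 0 Then
    objComputer.sAMAccountName = strName & "$"
    ' 4128 in the original = WORKSTATION_TRUST_ACCOUNT + PASSWD_NOTREQD. The
    ' object is saved before its password is set, which is presumably why
    ' PASSWD_NOTREQD was included; it is cleared again below once the password
    ' has been set.
    objComputer.userAccountControl = UF_WORKSTATION_TRUST_ACCOUNT Or UF_PASSWD_NOTREQD
    objComputer.SetInfo
End If

If Err.Number = 0 Then
    objComputer.SetPassword strPassword
End If

If Err.Number = 0 Then
    ' Drop PASSWD_NOTREQD now that a password exists; the original left it set
    ' permanently, which allows the account's password to be blanked later.
    objComputer.userAccountControl = UF_WORKSTATION_TRUST_ACCOUNT
    objComputer.SetInfo
End If

If Err.Number = 0 Then
    WScript.Echo "SUCCESS#" & objComputer.sAMAccountName & "@" & tmp & "#" & tmp & "#"
    WScript.Quit 0
End If

' Error path: always report the code and a description and exit non-zero. The
' original only echoed for unknown codes and quit silently (exit code 0) on
' the two well-known ones.
Dim errCode, errText
errCode = Err.Number
errText = Err.Description
Err.Clear
If errCode = &H80071392 Then
    errText = "The object already exists"
ElseIf errCode = &H80072035 Then
    errText = "The server is unwilling to process the request"
End If
WScript.Echo "Error " & Hex(errCode) & "|" & errText & "||"
WScript.Quit 1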

 

 
