I. Main functions:
1. Rename the computer directly in the domain
2. Rename the computer in a workgroup
3. Join the domain
II. Notes:
1. The privileged account must be an acct or admin account, typed in lowercase
2. Check the UAC setting
3. The new computer name must not be longer than 15 characters
4. When renaming the computer, if an account with the new name already exists in the domain, it must be deleted first (the tool checks for this) or a different name must be entered.
5. After renaming the computer in a workgroup and restarting, you must run the tool again to join the domain.
6. When joining the domain, only a lowest-level OU can be selected
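III. Version history:
0. The original was a batch file that joined the domain with netdom, but the join kept failing.
1. v1 used VB to join the domain, intending to avoid the netdom command. But the join failed if the account already existed, and it also failed if the account had only just been deleted. The most unacceptable problem was that the OU could not be specified, which was the whole purpose of the script, so this version was abandoned.
2. v2 went back to netdom, because I later found that netdom can specify the DC and the OU, which fully met the requirement. And because the DC can be specified, an existing object can be deleted first and the join then succeeds. The target OU is chosen by means of a folder-browse dialog. This was the milestone version.
3. v3 added to v2 the ability to rename the computer directly in the domain.
4. v4 integrated an htm file into v3 so that the operating account can be entered, which improved security.
5. Fatally, just when v4 was nearly perfect, I found that it always reported an error under Vista and could not join the domain. Searching online, I learned of a bug between Vista and netdom, KB932173, and concluded that netdom could not do the job, so I had to turn again to joining with vbscript and then using a move. But the move never succeeded. Then I discovered that vbscript can in fact specify the OU, which excited me greatly and made me think the vbscript route was finally open. Hence v5.
6. The fatal problem with joining via vbscript appeared again: if an account exists and is deleted first, the subsequent join fails. My conclusion is that joining via vbscript cannot specify the DC (given the earlier lesson, this time I confirmed it from several sources), so the DCs have not yet synchronised and the join fails.
7. Having completely given up on joining via vbscript, I looked for a breakthrough on the netdom-based v3 again, which produced v3.2. The biggest breakthrough in 3.2 was finding that the failure under Vista was caused by
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
and by some definitions missing in the later part of the script.
8. The biggest finding in v3.3 and 3.4 was that under Vista, if UAC is enabled, rename reports "Access is denied", so a UAC check was added.
9. v3.5 added to 3.4 the ability to rename the computer before joining the domain.
10. v3.6 and 3.7 integrated the htm file that prompts for the operating account.
11. v3.7 and 3.8 fixed some bugs and added Chinese prompts; the result was finally designated V5.
IV. Technical breakthroughs
1. An account and password must be entered, and with a plain inputbox the password is visible as it is typed, so I learned to use an htm file to enter the account and mask the password.
2. Learned to use script runtime errors as a test: If err <> 0 then
3. Learned to use intAnswer for interaction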
intAnswer = Msgbox("Do you want toxxx ", vbYesNo, "Delete the computer account")
If intAnswer = vbNo Then ....
4. Use a folder-browse dialog to imitate browsing the OUs in AD, so that the OU can be specified when joining the domain
Const WINDOW_HANDLE = 0
Const OPTIONS = 0
strPath = "c:\temp"
Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.BrowseForFolder _
(WINDOW_HANDLE, "Select a OU (选择一个OU):", OPTIONS, strPath)
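5. When the script runs, the credentials of the currently logged-on user are often not sufficient for the operation, for example a direct rename in the domain, so a privileged account is needed. The scripts I knew before all ran with the rights of the account itself, so this challenge troubled me for a long time at the start. After reading many articles I found several ways of running statements with alternate credentials, to cover different cases. Also, when AD is queried it is best to specify the DC, because replication delay between DCs can make the script fail, especially in a multinational company like ours that has a single domain, where the local site is not a child domain.
a. When the script needs to GetObject in AD, the following method lets you specify the DC and the credentials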
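' ADSI flags are bit masks, so combine them with Or ("And" gives 2 And 1 = 0, i.e. neither flag)
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_ENCRYPTION = 2
Set root = GetObject("LDAP:")
Set objcomputer = root.OpenDSObject("LDAP://DCName/cn=xxx,OU=xxx,dc=xxx,dc=xxx", strUser, strPassword, _
ADS_USE_ENCRYPTION Or ADS_SECURE_AUTHENTICATION)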
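Previously it was written like this:
Set objComputer = GetObject("LDAP://cn=xxx,OU=xxx,dc=xxx,dc=xxx")
b. When the script queries objects in AD with the following method, the DC and credentials can also be specified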
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.CommandText = "<LDAP://DCname/dc=xxx,dc=xxx>;" & _
"(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
"distinguishedName,name;Subtree"
Set objRecordSet = objCommand.Execute
SerTempDN = objRecordSet.Fields("distinguishedName").Value
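The query above places the computer name straight into the LDAP filter, and the full script passes the distinguishedName it gets back to DeleteObject, so a name typed by the operator should be validated and escaped before it reaches the filter. The following is an added example, not part of the original script: the helper names EscapeLdapFilterValue, IsValidComputerName and BuildComputerQuery are hypothetical, the character allowlist is an assumed policy, and the sample inputs are constructed.

```vbscript
Option Explicit

' Added example; EscapeLdapFilterValue, IsValidComputerName and
' BuildComputerQuery are hypothetical helper names, not from JoinDomainForIT.vbs.

' Escape a value for use inside an LDAP search filter (RFC 4515):
' backslash, *, (, ) and NUL become \XX hex escapes.
Function EscapeLdapFilterValue(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        Select Case ch
            Case "\"
                strOut = strOut & "\5c"
            Case "*"
                strOut = strOut & "\2a"
            Case "("
                strOut = strOut & "\28"
            Case ")"
                strOut = strOut & "\29"
            Case Chr(0)
                strOut = strOut & "\00"
            Case Else
                strOut = strOut & ch
        End Select
    Next
    EscapeLdapFilterValue = strOut
End Function

' Allowlist check (an assumed, conservative policy): 1 to 15 characters,
' letters, digits and hyphen only, and not digits only.
Function IsValidComputerName(strName)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9-]{1,15}$"
    If Not re.Test(strName) Then
        IsValidComputerName = False
        Exit Function
    End If
    re.Pattern = "^[0-9]+$"
    IsValidComputerName = Not re.Test(strName)
End Function

' Build the ADO command text in the same four-part form the page uses:
' <base>;filter;attributes;scope
Function BuildComputerQuery(strBase, strName)
    BuildComputerQuery = "<" & strBase & ">;" & _
        "(&(objectCategory=computer)(objectClass=user)(Name=" & _
        EscapeLdapFilterValue(strName) & "));" & _
        "distinguishedName,name;Subtree"
End Function

' Constructed sample inputs: one normal name, two that contain filter
' metacharacters, and one that is 16 characters long.
Dim arrSamples, strSample
arrSamples = Array("SUZ-PC-0042", "*", "PC1)(cn=*", "ABCDEFGHIJKLMNOP")
For Each strSample In arrSamples
    If IsValidComputerName(strSample) Then
        WScript.Echo "accept: " & BuildComputerQuery("LDAP://DCname/dc=xxx,dc=xxx", strSample)
    Else
        WScript.Echo "reject: " & strSample & "  (escaped: " & EscapeLdapFilterValue(strSample) & ")"
    End If
Next
```

Run it with cscript so each result prints to the console; only the first sample is accepted, and the escaped forms show what the filter would receive if validation were skipped.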
The script follows:
' ----------------------------------------------------------------------------
' JoinDomainForIT.vbs
' VBScript program to Join computer into domain or rename it in the AD
' Date: 08/12/2008
' Version: 5.0 -- Change to Unicode and add chinese description.
' By: Mike Yang at AMD Suzhou 37890
' ----------------------------------------------------------------------------
On Error Resume Next
' ###########################################################################
' Get privilege account, e.g admin_xxx or acct_xxx
' ###########################################################################
' Dim Shell
Dim oShell
Set oShell = WScript.CreateObject ("WSCript.shell")
' -------------------------
' Get User & Password
' -------------------------
Set objExplorer = WScript.CreateObject _
("InternetExplorer.Application", "IE_")
objExplorer.Navigate "file://ssuzfile22/helpdesk$/JoinDomain/Password.htm"
objExplorer.ToolBar = 0
objExplorer.StatusBar = 0
objExplorer.Width = 620
objExplorer.Height = 420
objExplorer.Left = 100
objExplorer.Top = 100
objExplorer.Visible = 1
Do While (objExplorer.Document.Body.All.OKClicked.Value = "")
Wscript.Sleep 250
Loop
' --------------------------------------------------------------
strUserName = objExplorer.Document.Body.All.UserName.Value
strUser = "amd\" & strUserName
strPassword = objExplorer.Document.Body.All.UserPassword.Value
' --------------------------------------------------------------
strButton = objExplorer.Document.Body.All.OKClicked.Value
objExplorer.Quit
Wscript.Sleep 250
If strButton = "Cancelled" Then
Wscript.Quit
End If
If strUsername = "" or strPassword = "" Then
Wscript.Quit
End If
' -------------------------
' Check input User
' -------------------------
adminxxx = Left(strUser,10)
'Wscript.echo adminxxx
acctxxx = Left(strUser,9)
'Wscript.echo acctxxx
If adminxxx <> "amd\admin_" and acctxxx <> "amd\acct_" Then
Wscript.echo "" _
& "Error!! You must use acct_xxx or admin_xxx to run the tools. " & chr(10) & chr(13) _
& "错误!!请使用acct或admin帐号来运行此工具 " & chr(10) & chr(13) & chr(10) & chr(13) _
& "And you must use minuscule to inpute,like acct_yjay , please input again."& chr(10) & chr(13) _
& "同时请务必使用小写来输入,比如 acct_yjay, 请再次输入。"
run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
'Wscript.echo run8
oShell.run run8,true
Wscript.quit
End If
' -------------------------
' Authenticate User
' -------------------------
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_ENCRYPTION = 2
strPath = "OU=Suzhou,dc=amd,dc=com"
Set root = GetObject("LDAP:")
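' ADSI flags are bit masks: combine with Or ("And" evaluates to 2 And 1 = 0 and requests neither flag).
' ADS_USE_ENCRYPTION requires the DC to support LDAP over SSL.
Set objOU = root.OpenDSObject("LDAP://SSUZDC3/" & strPath, strUser, strPassword, _
ADS_USE_ENCRYPTION Or ADS_SECURE_AUTHENTICATION)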
SuzDN = objOU.distinguishedName
If err = 424 then
Wscript.echo "" _
& "Logon failure: unknown user name or bad password, please input again." & chr(10) & chr(13) & chr(10) & chr(13) _
& "登录失败,错误的用户名或者密码,请再次输入。"
run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
'Wscript.echo run8
oShell.run run8,true
wscript.quit
ElseIf err <> 0 Then
Wscript.echo "" _
& "failed,please contack with Mike Yang (37890)" & chr(10) & chr(13) & chr(10) & chr(13) _
& "失败,请了联系 杨向群(37890)"
run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
'Wscript.echo run8
oShell.run run8,true
Wscript.quit
End If
' ###########################################################################
' Define
' ###########################################################################
' -------------------------
' Define
' -------------------------
' Dim for open folder
Const WINDOW_HANDLE = 0
Const OPTIONS = 0
strPath = "\\Ssuzfile22\helpdesk$\JoinDomain\amd.com"
' Dim auth
'strUser = "amd\xxxxx"
'strPassword = "xxxxx"
' Get ComputerName
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
UserDomain = objNetwork.userdomain
UserName = objNetwork.username
LogonName = UserDomain & "/" & UserName
'Wscript.Echo LogonName
' ------------------------------
' Check if is it in the domain
' ------------------------------
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2")
'Set colItems = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
'For Each objItem in colItems
' DomainName = objItem.domain
'Next
Set objWMI = GetObject("winmgmts://./root/cimv2")
Set colComputer = objWMI.ExecQuery("select DomainRole from win32_computersystem",,48)
For Each objComputer in colComputer
role = objComputer.DomainRole
Next
'Wscript.echo role
' ###########################################################################
' Rename computer in the domain when it is in the domain
' ###########################################################################
' -------------------------------------
' role = 0 or 2 is standlone computer
' -------------------------------------
' If the computer is in the domain
If role <> 0 and role <> 2 Then
' -------------------------------------
' search AD to find the account
' -------------------------------------
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
"(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
"distinguishedName,name;Subtree"
Set objRecordSet = objCommand.Execute
SerTempDN = objRecordSet.Fields("distinguishedName").Value
' -------------------------------------
' If the account is lost in the AD
' -------------------------------------
If err <> 0 Then
err.clear
Wscript.echo "" _
& "The computer is in the domain, but seems it has lost the account in the AD, " & chr(10) & chr(13) _
& "此计算机在域中, 但是似乎在活动目录中丢失了对应的帐号。 " & chr(10) & chr(13) & chr(10) & chr(13) _
& "Please unjoin it from domain manually, then run the tool again." & chr(10) & chr(13) _
& "请手动将此计算机退出域,然后再次运行此工具。"
Wscript.quit
End If
' -------------------------------------
' Check the logon account
' -------------------------------------
adminxxx = Left(LogonName,10)
'Wscript.echo adminxxx
acctxxx = Left(LogonName,9)
'Wscript.echo acctxxx
If adminxxx <> "AMD/admin_" and acctxxx <> "AMD/acct_" Then
intAnswer = Msgbox( "" _
& "The computer is in the domain, to rename computer in the AD,you must logon as amd/acct_xxx or amd/admin_xxx ," & chr(10) & chr(13) _
& "此计算机已经在域中,如果你要直接在域中重命名它,你必须用acct或者admin帐号来登录到Windows。" & chr(10) & chr(13) & chr(10) & chr(13) _
& "Currently you are NOT logon as amd/acct_xxx or amd/admin_xxx, so could you log off now?" & chr(10) & chr(13) _
& "当前您没有用这类帐号来登录,你需要现在注销计算机吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
& "If you click No, the script will quit!"& chr(10) & chr(13) _
& "如果您点击NO,此工具将退出。", vbYesNo, "Check logon account")
If intAnswer = vbNo Then
Wscript.quit
Else
Const LOG_OFF = 0
Const FORCED_LOG_OFF = 4
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Shutdown)}!//" & strComputer & "/root/cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
ObjOperatingSystem.Win32Shutdown(FORCED_LOG_OFF)
Next
Wscript.quit
End If
End If
' -------------------------------------
' Check UAC
' -------------------------------------
Const HKEY_LOCAL_MACHINE = &H80000002
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &_
strComputer & "/root/default:StdRegProv")
dwKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
dwValueName = "EnableLUA"
oReg.GetDWORDValue HKEY_LOCAL_MACHINE,dwKeyPath,dwValueName,dwValue
UAC = dwValue
'Wscript.echo UAC
If UAC = 1 Then
Wscript.echo "" _
& "The computer is in the domain and its OS is Windows Vista. At present, UAC has been ENABLED!! " & chr(10) & chr(13) _
& "此计算机已经在域中,其操作系统是Windows Vista,UAC 设置是启用的!! " & chr(10) & chr(13) & chr(10) & chr(13) _
& "So if you want to directly rename it in the domain, please Disable UAC first and then run the tool again. Click OK to quit the tool." & chr(10) & chr(13) _
& "如果你需要直接在域中重命名此计算机,请先禁用UAC,然后再次运行此工具。点击 OK 退出此工具。"
Wscript.quit
End if
' -------------------------------------
' Prompt input new computer name
' -------------------------------------
intAnswer = Msgbox("" _
& "The computer is in the domain and you has logon as amd/acct_xxx or amd/admin_xxx, " & chr(10) & chr(13) _
& "此计算机已经在域中同时您已经使用acct或admin帐号登录Windows。 " & chr(10) & chr(13) & chr(10) & chr(13) _
& "Do you want to rename it in the domain? If you click No, the tool will quit!" & chr(10) & chr(13) _
& "你要重命名此计算机吗?如果您点击 NO,将退出此工具。" , vbYesNo, "Do you want to rename it?")
If intAnswer = vbNo Then
Wscript.quit
Else
' ------------------------------
' Check input
' ------------------------------
kk = 1
do until kk = 0
kk = 0
InputNewComName = inputBox("" _
& "Currently, the computer's name is " & strComputer & chr(10) & chr(13) _
& "当前的计算机名是 " & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
& "Please input your new Computer Name and click OK . Click Cancel to quit the tool." & chr(10) & chr(13) _
& "请输入新的计算机名并点击 OK 。点击 Cancle 退出此工具。" & chr(10) & chr(13)& chr(10) & chr(13) )
' ------------------------------
' If no input
' ------------------------------
If InputNewComName = "" Then
Wscript.quit
End If
If Len(InputNewComName) > 15 Then
Wscript.Echo "" _
& "Your input is error, please fill in less than 15 characters" & chr(10) & chr(13) & chr(10) & chr(13) _
& "您的输入有误,计算机名不能多于15个字符。"
kk = 1
Else
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
"(&(objectCategory=computer)(objectClass=user)(Name=" & InputNewComName & "));" & _
"distinguishedName,name;Subtree"
Set objRecordSet = objCommand.Execute
SerDN = objRecordSet.Fields("distinguishedName").Value
If err = 0 Then
intAnswer = Msgbox("" _
& "The new computer name your input has exsited in the AD, Do you want to delete it first?" & chr(10) & chr(13) _
& "您输入的新计算机名在活动目录中已经存在,您想要在域中删除此帐号吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
& "If you want to change another name please click No ." & chr(10) & chr(13) _
& "如果您需要重新输入新的计算机名,请点击 NO ", vbYesNo, "Delete the computer account")
If intAnswer = vbNo Then
kk = 1
Else
Set root = GetObject("LDAP:")
Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & SerDN, strUser, strPassword, 200)
objComputer.DeleteObject(0)
If err<>0 Then
err.clear
Wscript.Echo "" _
& "Delete computer is failed, the script will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
& "删除帐号失败,此脚本将退出。"
Wscript.quit
Else
Wscript.Echo "" _
& "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
& "删除帐号成功,请点击 OK 继续。"
End If
End If
Else
err.clear
End If
End If
Loop
' ------------------------------
' Rename
' ------------------------------
Set objWMIService = GetObject("Winmgmts:root/cimv2")
For Each objComputer in _
objWMIService.InstancesOf("Win32_ComputerSystem")
err = ObjComputer.Rename(InputNewComName)
If err = 1326 Then
Wscript.echo "" _
& "bad password" & chr(10) & chr(13) & chr(10) & chr(13) _
& "密码错误"
Wscript.quit
ElseIf err = 5 Then
Wscript.echo "" _
& "Access is denied." & chr(10) & chr(13) & chr(10) & chr(13) _
& "拒绝访问。"
Wscript.quit
ElseIf err <> 0 Then
Wscript.echo err.number
Wscript.quit
End If
Next
err.clear
' ------------------------------
' Restart
' ------------------------------
Wscript.echo "" _
& "Rename the computer is successful, Please click OK to restart your computer!" & chr(10) & chr(13) & chr(10) & chr(13) _
& "重命名计算机成功,请点击 OK 重启您的计算机。"
run0 = "shutdown -r -f -t 1"
'Wscript.echo run0
oShell.run run0,true
Wscript.quit
End If
End If
' ###########################################################################
' Join into Domain when computer out of domain
' ###########################################################################
' -------------------------
' Connect to file
' -------------------------
'run1 = "net use //ssuzfile22/helpdesk$ " & strPassword & " /user:" & struser
'Wscript.echo run1
'oShell.run run1,true
' -------------------------------
' Ask user is current accout OK?
' -------------------------------
intAnswer = Msgbox("" _
& "Your computer's name is " & strComputer & chr(10) & chr(13) _
& "此计算机的名字是" & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
& "Please click Yes -- If you want to join it into domain with the name. " & chr(10) & chr(13) _
& "请点击 Yes -- 如果您想用此名称来加入域, " & chr(10) & chr(13) & chr(10) & chr(13) _
& "Please click No -- If you want to rename it first." & chr(10) & chr(13) _
& "请点击 No -- 如果您想先重命名它。" & chr(10) & chr(13) & chr(10) & chr(13) _
& "After rename the computer and restarted, please run the tool again." & chr(10) & chr(13) _
& "在您重命名以及重新启动计算机后, 请再次运行此工具.", vbYesNo, "Do you like the name?")
If intAnswer = vbYes Then
' -------------------------
' Get computer info
' -------------------------
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
"(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
"distinguishedName,name;Subtree"
Set objRecordSet = objCommand.Execute
strComDN = objRecordSet.Fields("distinguishedName").Value
'Wscript.echo strComDN
' -----------------------------------
' Check the computer account in AD
' -----------------------------------
If err=0 Then
intAnswer = Msgbox("" _
& "Your Computer is NOT in the domain, but now the computer account is existent in the AD, " & chr(10) & chr(13) _
& "此计算机不在域中,但是在活动目录中已经存在同名的帐号。 " & chr(10) & chr(13) & chr(10) & chr(13) _
& "Do you want to delete it first? If you click No, the tool will quit!" & chr(10) & chr(13) _
& "您想先删除此同名帐号吗?如果您点击 No, 此工具将退出。", vbYesNo, "Delete the computer account")
If intAnswer = vbYes Then
Set root = GetObject("LDAP:")
Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & strComDN, strUser, strPassword, 200)
objComputer.DeleteObject(0)
If err<>0 Then
err.clear
Wscript.Echo "" _
& "Delete computer is failed, the tool will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
& "删除计算机帐号失败, 此工具将退出."
Wscript.quit
Else
Wscript.Echo "" _
& "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
& "删除计算机帐号成功,请点击 OK 继续下一步。"
End If
Else
Wscript.quit
End If
Else
err.clear
End If
Else
' ------------------------------
' Rename and restart
' ------------------------------
' ------------------------------
' Check input
' ------------------------------
kk = 1
do until kk = 0
kk = 0
InputNewComName = inputBox("" _
& "Currently, the computer's name is " & strComputer & chr(10) & chr(13) _
& "此计算机当前名为 " & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
& "Please input your new Computer Name and click OK . Click Cancel to quit the tool." & chr(10) & chr(13) _
& "请输入新计算机名,并点击 OK 。点击 Cancel 退出此工具" & chr(10) & chr(13) & chr(10) & chr(13) )
' ------------------------------
' If no input
' ------------------------------
If InputNewComName = "" Then
Wscript.quit
End If
If Len(InputNewComName) > 15 Then
Wscript.Echo "" _
& "Your input is error, please fill in less than 15 characters." & chr(10) & chr(13) & chr(10) & chr(13) _
& "您的输入有误,计算机名不能多于15个字符。"
kk = 1
Else
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
"(&(objectCategory=computer)(objectClass=user)(Name=" & InputNewComName & "));" & _
"distinguishedName,name;Subtree"
Set objRecordSet = objCommand.Execute
strNewDN = objRecordSet.Fields("distinguishedName").Value
If err = 0 Then
intAnswer = Msgbox("" _
& "Your input computer account is existent in the AD, Do you want to delete it first? " & chr(10) & chr(13) _
& "您输入的计算机帐号在活动目录中已经存在, 您想删除此现有的帐号吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
& "If you click No, will try to input another computername!" & chr(10) & chr(13) _
& "如果您点击 NO, 您将可以重新输入新的名称。", vbYesNo, "Delete the computer account")
If intAnswer = vbYes Then
Set root = GetObject("LDAP:")
Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & strNewDN, strUser, strPassword, 200)
objComputer.DeleteObject(0)
If err<>0 Then
err.clear
Wscript.Echo "" _
& "Delete computer is failed, the tool will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
& "删除计算机帐号失败, 此工具将退出."
Wscript.quit
Else
Wscript.Echo "" _
& "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
& "删除计算机帐号成功,请点击 OK 继续下一步。"
End If
Else
kk = 1
End If
End If
End If
Loop
' ------------------------------
' Rename
' ------------------------------
Set objWMIService = GetObject("Winmgmts:root/cimv2")
For Each objComputer in _
objWMIService.InstancesOf("Win32_ComputerSystem")
err = ObjComputer.Rename(InputNewComName)
If err = 1326 Then
Wscript.echo "" _
& "bad password" & chr(10) & chr(13) & chr(10) & chr(13) _
& "密码错误"
Wscript.quit
ElseIf err = 5 Then
Wscript.echo "" _
& "Access is denied." & chr(10) & chr(13) & chr(10) & chr(13) _
& "拒绝访问。"
Wscript.quit
ElseIf err <> 0 Then
Wscript.echo err.number
Wscript.quit
End If
Next
err.clear
' ------------------------------
' Restart
' ------------------------------
Wscript.echo "" _
& "Rename the computer is successful, Please click OK to restart Your Computer! And run the tool again." & chr(10) & chr(13) & chr(10) & chr(13) _
& "重命名计算机成功,请点击 OK 重新启动计算机并再次运行此工具。"
run0 = "shutdown -r -f -t 1"
'Wscript.echo run0
oShell.run run0,true
Wscript.quit
End If
' -------------------------
' Select Path
' -------------------------
KK = 1
Do until kk = 0
kk = 0
Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.BrowseForFolder _
(WINDOW_HANDLE, "Select a OU (选择一个OU):", OPTIONS, strPath)
If objFolder Is Nothing Then
Wscript.Quit
End If
Set objFolderItem = objFolder.Self
objPath = objFolderItem.Path
' -------------------------
' Check Path
' -------------------------
If objPath = strPath or objPath = strPath+"\Suzhou" or objPath = strPath+"\Suzhou\Servers" or objPath = strPath+"\Suzhou\Workstations" Then
'Wscript.Echo "error " & objPath & "Please select again!"
Wscript.Echo "" _
& "Error Path, Please select its subdirectory!" & chr(10) & chr(13) & chr(10) & chr(13) _
& "错误的路径,请重新选择下层目录。"
KK = 1
ElseIf objPath = strPath+"\Suzhou\Servers\Physical Servers" Then
OU = "OU=Physical Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"
ElseIf objPath = strPath+"\Suzhou\Servers\Virtual DEV Servers" Then
OU = "OU=Virtual DEV Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"
ElseIf objPath = strPath+"\Suzhou\Servers\Virtual Infrastructure Servers" Then
OU = "OU=Virtual Infrastructure Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"
ElseIf objPath = strPath+"\Suzhou\Workstations\Laptops" Then
OU = "OU=Laptops,OU=Workstations,OU=Suzhou,DC=amd,DC=com"
ElseIf objPath = strPath+"\Suzhou\Workstations\PCs" Then
OU = "OU=PCs,OU=Workstations,OU=Suzhou,DC=amd,DC=com"
ElseIf objPath = strPath+"\Suzhou\Workstations\Virtual DEVs" Then
OU = "OU=Virtual DEVs,OU=Workstations,OU=Suzhou,DC=amd,DC=com"
End If
Loop
strOU = """" & OU & """"
'Wscript.echo OU
'Wscript.echo strOU
' -------------------------
' Join Domain
' -------------------------
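' Note: the password is passed on the netdom command line, where other processes on the machine can read it while netdom runs; netdom also accepts /passwordd:* to prompt for it instead
run3 = "\\ssuzfile22\helpdesk$\JoinDomain\netdom join " & strComputer & " /Domain:amd.com\ssuzdc3" & " /OU:" & strOU & " /userd:" & struser & " /passwordd:" & strPassword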
'Wscript.echo run3
oShell.run run3,true
Wscript.sleep 3000
' -------------------------
' research the account
' -------------------------
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
"(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
"distinguishedName,name;Subtree"
Set objRecordSet = objCommand.Execute
strTargetDN = objRecordSet.Fields("distinguishedName").Value
If err<>0 Then
wscript.echo err
err.clear
Wscript.echo "" _
& "The computer is not be joined into domain, please contact Mike Yang (37890)" & chr(10) & chr(13) & chr(10) & chr(13) _
& "计算机加入域失败,请联系 杨向群 (37890)"
Wscript.quit
End If
' -------------------------
' Check the target OU
' -------------------------
tDN = "CN=" & strComputer & "," & OU
'Wscript.echo tDN
If strTargetDN = tDN Then
Wscript.echo "" _
& "The computer has be joined into AMD domain successfully. Please click OK to restart your computer!" & chr(10) & chr(13) & chr(10) & chr(13) _
& "此计算机成功加入域,请单击 OK 重新启动计算机。"
Else
Wscript.echo "" _
& "The computer has be joined into AMD domain successfully, but seems target OU is error." & chr(10) & chr(13) & chr(10) & chr(13) _
& "此计算机成功加入域,但是似乎目标OU是错误的,请单击 OK 重新启动计算机。"
End If
run4 = "shutdown -r -f -t 1"
'Wscript.echo run4
oShell.run run4,true
Reposted from http://hi.baidu.com/mikeoldyang/blog/item/1ea1d1d53acc8e09a08bb7c8.html