You are here:
ActiveXperts.com > Network Monitor > WindowsManagement > Scripts > Active Directory > Computer Accounts
Quicklinks
- Download ActiveXperts Network Monitor 7.4 (29117 KB)
- Download Manual (374 KB)
- Screenshots - Product image gallery
Active Directory Computer Account Scripts
Copy an Active Directory Computer AccountCreate a Computer Account For a Specific User
Delete a Computer Account
Disable a Global Catalog Server
Enable a Global Catalog Server
Join a Computer to a Domain
List All Computer Accounts in Active Directory
List FSMO Role Holders
List Selected Computer Account Attributes
Modify Computer Location Attribute
Move a Computer Account
Move a Computer Account to a New Domain
Rename a Computer Account
Rename a Computer and Computer Account
Reset a Computer Account Password
Search for Specific Computer Accounts
Verify Computer Role
Verify that a Computer is a Global Catalog Server
You can use any of the VBScript programs below in ActiveXperts Network Monitor. Click here for an explanation about how to include scripts in ActiveXperts Network Monitor.
Copy an Active Directory Computer Account
Retrieves the attributes of an existing computer object and copies the attributes to a new computer object created by the script.
Set objCompt = _
GetObject("LDAP://cn=Computers,dc=NA,dc=fabrikam,dc=com")
Set objComptCopy = objCompt.Create("computer", "cn=SEA-SQL-01")
objComptCopy.Put "sAMAccountName", "sea-sql-01"
objComptCopy.SetInfo
Set objComptTemplate = GetObject _
("LDAP://cn=SEA-PM-01,cn=Computers,dc=NA,dc=fabrikam,dc=com")
arrAttributes = Array("description", "location")
For Each strAttrib in arrAttributes
strValue = objComptTemplate.Get(strAttrib)
objComptCopy.Put strAttrib, strValue
Next
objComptCopy.SetInfo
Create a Computer Account For a Specific User
Creates and enables a computer account in Active Directory. A specific, authenticated user can then use this account to add his or her workstation to the domain.
strComputer = "atl-pro-002"
strComputerUser = "fabrikam\lewjudy"
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Const ADS_ACETYPE_ACCESS_ALLOWED = &h0
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &h5
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &h1
Const ADS_RIGHT_GENERIC_READ = &h80000000
Const ADS_RIGHT_DS_SELF = &h8
Const ADS_RIGHT_DS_WRITE_PROP = &h20
Const ADS_RIGHT_DS_CONTROL_ACCESS = &h100
Const ALLOWED_TO_AUTHENTICATE = _
"{68B1D179-0D15-4d4f-AB71-46152E79A7BC}"
Const RECEIVE_AS = "{AB721A56-1E2f-11D0-9819-00AA0040529B}"
Const SEND_AS = "{AB721A54-1E2f-11D0-9819-00AA0040529B}"
Const USER_CHANGE_PASSWORD = _
"{AB721A53-1E2f-11D0-9819-00AA0040529b}"
Const USER_FORCE_CHANGE_PASSWORD = _
"{00299570-246D-11D0-A768-00AA006E0529}"
Const USER_ACCOUNT_RESTRICTIONS = _
"{4C164200-20C0-11D0-A768-00AA006E0529}"
Const VALIDATED_DNS_HOST_NAME = _
"{72E39547-7B18-11D1-ADEF-00C04FD8D5CD}"
Const VALIDATED_SPN = "{F3A64788-5306-11D1-A9C5-0000F80367C1}"
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Computers," & _
objRootDSE.Get("defaultNamingContext"))
Set objComputer = objContainer.Create _
("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo
Set objSecurityDescriptor = objComputer.Get("ntSecurityDescriptor")
Set objDACL = objSecurityDescriptor.DiscretionaryAcl
Set objACE1 = CreateObject("AccessControlEntry")
objACE1.Trustee = strComputerUser
objACE1.AccessMask = ADS_RIGHT_GENERIC_READ
objACE1.AceFlags = 0
objACE1.AceType = ADS_ACETYPE_ACCESS_ALLOWED
Set objACE2 = CreateObject("AccessControlEntry")
objACE2.Trustee = strComputerUser
objACE2.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
objACE2.AceFlags = 0
objACE2.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE2.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE2.ObjectType = ALLOWED_TO_AUTHENTICATE
Set objACE3 = CreateObject("AccessControlEntry")
objACE3.Trustee = strComputerUser
objACE3.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
objACE3.AceFlags = 0
objACE3.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE3.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE3.ObjectType = RECEIVE_AS
Set objACE4 = CreateObject("AccessControlEntry")
objACE4.Trustee = strComputerUser
objACE4.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
objACE4.AceFlags = 0
objACE4.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE4.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE4.ObjectType = SEND_AS
Set objACE5 = CreateObject("AccessControlEntry")
objACE5.Trustee = strComputerUser
objACE5.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
objACE5.AceFlags = 0
objACE5.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE5.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE5.ObjectType = USER_CHANGE_PASSWORD
Set objACE6 = CreateObject("AccessControlEntry")
objACE6.Trustee = strComputerUser
objACE6.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
objACE6.AceFlags = 0
objACE6.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE6.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE6.ObjectType = USER_FORCE_CHANGE_PASSWORD
Set objACE7 = CreateObject("AccessControlEntry")
objACE7.Trustee = strComputerUser
objACE7.AccessMask = ADS_RIGHT_DS_WRITE_PROP
objACE7.AceFlags = 0
objACE7.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE7.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE7.ObjectType = USER_ACCOUNT_RESTRICTIONS
Set objACE8 = CreateObject("AccessControlEntry")
objACE8.Trustee = strComputerUser
objACE8.AccessMask = ADS_RIGHT_DS_SELF
objACE8.AceFlags = 0
objACE8.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE8.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE8.ObjectType = VALIDATED_DNS_HOST_NAME
Set objACE9 = CreateObject("AccessControlEntry")
objACE9.Trustee = strComputerUser
objACE9.AccessMask = ADS_RIGHT_DS_SELF
objACE9.AceFlags = 0
objACE9.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE9.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE9.ObjectType = VALIDATED_SPN
objDACL.AddAce objACE1
objDACL.AddAce objACE2
objDACL.AddAce objACE3
objDACL.AddAce objACE4
objDACL.AddAce objACE5
objDACL.AddAce objACE6
objDACL.AddAce objACE7
objDACL.AddAce objACE8
objDACL.AddAce objACE9
objSecurityDescriptor.DiscretionaryAcl = objDACL
objComputer.Put "ntSecurityDescriptor", objSecurityDescriptor
objComputer.SetInfo
Delete a Computer Account
Deletes an individual computer account in Active Directory.
strComputer = "atl-pro-040"
set objComputer = GetObject("LDAP://CN=" & strComputer & _
",CN=Computers,DC=fabrikam,DC=com")
objComputer.DeleteObject (0)
Disable a Global Catalog Server
Disables the global catalog service on the domain controller atl-dc-01.
strComputer = "atl-dc-01"
Const NTDSDSA_OPT_IS_GC = 1
Set objRootDSE = GetObject("LDAP://" & strComputer & "/rootDSE")
strDsServiceDN = objRootDSE.Get("dsServiceName")
Set objDsRoot = GetObject _
("LDAP://" & strComputer & "/" & strDsServiceDN)
intOptions = objDsRoot.Get("options")
If intOptions And NTDSDSA_OPT_IS_GC Then
objDsRoot.Put "options", intOptions Xor NTDSDSA_OPT_IS_GC
objDsRoot.Setinfo
End If
Enable a Global Catalog Server
Enables the global catalog service on the domain controller atl-dc-01.
strComputer = "atl-dc-01"
Const NTDSDSA_OPT_IS_GC = 1
Set objRootDSE = GetObject("LDAP://" & strComputer & "/RootDSE")
strDsServiceDN = objRootDSE.Get("dsServiceName")
Set objDsRoot = GetObject _
("LDAP://" & strComputer & "/" & strDsServiceDN)
intOptions = objDsRoot.Get("options")
If (intOptions And NTDSDSA_OPT_IS_GC) = FALSE Then
objDsRoot.Put "options" , intOptions Or NTDSDSA_OPT_IS_GC
objDsRoot.Setinfo
End If
Join a Computer to a Domain
Joins the local computer to a domain and creates the computer's account in Active Directory.
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
strDomain = "FABRIKAM"
strPassword = "ls4k5ywA"
strUser = "shenalan"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, strDomain & "\" & strUser, NULL, _
JOIN_DOMAIN + ACCT_CREATE)
List All Computer Accounts in Active Directory
Returns the name and location for all the computer accounts in Active Directory.
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://DC=fabrikam,DC=com' " _
& "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value
objRecordSet.MoveNext
Loop
List FSMO Role Holders
Identifies the Active Directory domain controllers providing the five FSMO roles: Schema Master, Domain Naming Master, PDC Emulator, RID Master, and Infrastructure Master.
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objSchema = GetObject _
("LDAP://" & objRootDSE.Get("schemaNamingContext"))
strSchemaMaster = objSchema.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strSchemaMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Forest-wide Schema Master FSMO: " & objComputer.Name
Set objNtds = Nothing
Set objComputer = Nothing
Set objPartitions = GetObject("LDAP://CN=Partitions," & _
objRootDSE.Get("configurationNamingContext"))
strDomainNamingMaster = objPartitions.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strDomainNamingMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Forest-wide Domain Naming Master FSMO: " & objComputer.Name
Set objDomain = GetObject _
("LDAP://" & objRootDSE.Get("defaultNamingContext"))
strPdcEmulator = objDomain.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strPdcEmulator)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's PDC Emulator FSMO: " & objComputer.Name
Set objRidManager = GetObject("LDAP://CN=RID Manager$,CN=System," & _
objRootDSE.Get("defaultNamingContext"))
strRidMaster = objRidManager.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strRidMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's RID Master FSMO: " & objComputer.Name
Set objInfrastructure = GetObject("LDAP://CN=Infrastructure," & _
objRootDSE.Get("defaultNamingContext"))
strInfrastructureMaster = objInfrastructure.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strInfrastructureMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's Infrastructure Master FSMO: " & objComputer.Name
List Selected Computer Account Attributes
Demonstration script that retrieves the location and description attributes for a computer account in Active Directory.
On Error Resume Next
Set objComputer = GetObject _
("LDAP://CN=atl-dc-01,CN=Computers,DC=fabrikam,DC=com")
objProperty = objComputer.Get("Location")
If IsNull(objProperty) Then
Wscript.Echo "The location has not been set."
Else
Wscript.Echo "Location: " & objProperty
objProperty = Null
End If
objProperty = objComputer.Get("Description")
If IsNull(objProperty) Then
Wscript.Echo "The description has not been set."
Else
Wscript.Echo "Description: " & objProperty
objProperty = Null
End If
Modify Computer Location Attribute
Demonstration script that changes the location attribute for a computer account in Active Directory.
Set objComputer = GetObject _
("LDAP://CN=atl-dc-01,CN=Computers,DC=fabrikam,DC=com")
objComputer.Put "Location" , "Building 37, Floor 2, Room 2133"
objComputer.SetInfo
Move a Computer Account
Moves a computer account from the Computers container in Active Directory to the Finance OU in the same domain.
Set objNewOU = GetObject("LDAP://OU=Finance,DC=fabrikam,DC=com")
Set objMoveComputer = objNewOU.MoveHere _
("LDAP://CN=atl-pro-03,CN=Computers,DC=fabrikam,DC=com", "CN=atl-pro-03")
Move a Computer Account to a New Domain
Uses the MoveHere method to move an object to another domain. Note that there are a number of restrictions associated with performing this type of move operation. For details, see the Directory Services Platform SDK.
Set objOU = GetObject("LDAP://cn=Computers,dc=NA,dc=fabrikam,dc=com")
objOU.MoveHere "LDAP://cn=Computer01,cn=Users,dc=fabrikam,dc=com", _
vbNullString
Rename a Computer Account
Renames an Active Directory computer account.
Set objNewOU = GetObject("LDAP://OU=Finance,DC=fabrikam,DC=com")
Set objMoveComputer = objNewOU.MoveHere _
("LDAP://CN=atl-pro-037,OU=Finance,DC=fabrikam,DC=com", _
"CN=atl-pro-003")
Rename a Computer and Computer Account
Renames a computer and its corresponding Active Directory computer account. Requires Windows XP or Windows Server 2003, and must be run on the local computer.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery _
("Select * from Win32_ComputerSystem")
For Each objComputer in colComputers
err = objComputer.Rename("WebServer")
Next
Reset a Computer Account Password
Resets a computer account password in Active Directory.
Set objComputer = GetObject _
("LDAP://CN=atl-dc-01,CN=Computers,DC=Reskit,DC=COM")
objComputer.SetPassword "atl-dc-01$"
Search for Specific Computer Accounts
Returns the name and location for all the computers in the domain that are running Windows Server 2003.
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location, operatingSystemVersion from " & _
"'LDAP://DC=fabrikam,DC=com' where objectClass='computer'" & _
" and operatingSystemVersion = '5.1 (3600)'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value
objRecordSet.MoveNext
Loop
Verify Computer Role
Returns the basic role (domain controller, member server, workstation, etc.) for a computer.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery _
("Select DomainRole from Win32_ComputerSystem")
For Each objComputer in colComputers
Select Case objComputer.DomainRole
Case 0
strComputerRole = "Standalone Workstation"
Case 1
strComputerRole = "Member Workstation"
Case 2
strComputerRole = "Standalone Server"
Case 3
strComputerRole = "Member Server"
Case 4
strComputerRole = "Backup Domain Controller"
Case 5
strComputerRole = "Primary Domain Controller"
End Select
Wscript.Echo strComputerRole
Next
Verify that a Computer is a Global Catalog Server
Indicates whether or not the atl-dc-01 domain controller is a global catalog server.
strComputer = "atl-dc-01"
Const NTDSDSA_OPT_IS_GC = 1
Set objRootDSE = GetObject("LDAP://" & strComputer & "/rootDSE")
strDsServiceDN = objRootDSE.Get("dsServiceName")
Set objDsRoot = GetObject("LDAP://" & strComputer & "/" & strDsServiceDN)
intOptions = objDsRoot.Get("options")
If intOptions And NTDSDSA_OPT_IS_GC Then
WScript.Echo strComputer & " is a global catalog server."
Else
Wscript.Echo strComputer & " is not a global catalog server."
End If