Wednesday, 30 October 2013

Create a local administrator account on every computer of the domain

I've recently implemented an Active Directory domain controller and wanted to get rid of local users... turns out it's not such a great idea, since sometimes you'll need a local admin to fix the AD connectivity. So I wrote a little script that runs every now and then and creates a local user with admin rights for debugging and such. It iterates over all the computer objects it finds under the root of the AD and creates the user. Beware that it only works if the machines are online, so you'll have to run it often enough to make sure every laptop has been hit at least once.
I hope you'll find it useful.

' This is a script to add local user accounts and add them to the local admin group
' Author: JBANIER Date: 28/10/2013

on error resume next

Const ADS_SCOPE_SUBTREE = 2 ' ADSI value for a subtree search
Const FOR_READING = 1
Const strUser = "localadmin"
' Note: the same clear-text password is set on every machine
Const strPassword = "localpa$$w0rd"
Dim objConnection, objCommand, objFile, strFile, strLDAP, strSelectAttr

Set objNet = WScript.CreateObject( "WScript.Network" )
Set objRootLDAP = GetObject("LDAP://rootDSE")
strPathToDomain = "LDAP://" & objRootLDAP.Get("defaultNamingContext")
strSelectAttr = "cn, operatingSystem"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select " & strSelectAttr & " from '" & strPathToDomain _
        & "' Where objectClass='computer'"
Wscript.Echo objCommand.CommandText
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst

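Do Until objRecordSet.EOF
    strComputer = objRecordSet.Fields("cn").Value
    ' Reset state so a failure on this machine does not reuse the previous one's objects
    Set colAccounts = Nothing
    Set objUser = Nothing
    Err.Clear
    ' Create user (fails if the machine is offline or the account already exists)
    Set colAccounts = GetObject("WinNT://" & strComputer & ",computer")
    Set objUser = colAccounts.Create("user", strUser)
    objUser.SetPassword strPassword
    objUser.SetInfo
    If Err.Number = 0 Then
        Wscript.Echo "Added user " & strUser & " to " & strComputer
    Else
        Wscript.Echo "Could not add user " & strUser & " to " & strComputer & " (error 0x" & Hex(Err.Number) & ")"
    End If
    ' add user to admin group
    Set objLocalUser = Nothing
    Set objLocalAdmGroup = Nothing
    Err.Clear
    Set objLocalUser = GetObject("WinNT://" & strComputer & "/" & strUser)
    Set objLocalAdmGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
    objLocalAdmGroup.Add(objLocalUser.AdsPath)
    If Err.Number = 0 Then
        Wscript.Echo "Added user " & strUser & " to " & strComputer & "'s local admin group"
    Else
        Wscript.Echo "Could not add user " & strUser & " to " & strComputer & "'s local admin group (error 0x" & Hex(Err.Number) & ")"
    End If
    objRecordSet.MoveNext
Loop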

Set objConnection = Nothing
Set objCommand = Nothing
Set objFile = Nothing
Set strFile = Nothing
Set strLDAP = Nothing
Set strSelectAttr = Nothing
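
Because the script only reaches machines that are online when it runs, it helps to know which ones have actually been hit. The PowerShell below is an added example, not part of the original post: it lists every computer object in the domain and reports whether `localadmin` (the name used in the script above) is in the local Administrators group. The function name `Test-LocalAdmin` is hypothetical, and the check assumes remote WinNT/ADSI access is allowed from the machine you run it on.

```powershell
# Added example: coverage report for the account created by the script above.
# Assumption: run as a domain user with admin rights on the target machines.
$UserName = 'localadmin'   # account name taken from the VBScript above

function Test-LocalAdmin {   # hypothetical helper name
    param([string]$Computer, [string]$User)

    # Skip machines that do not answer a single ping (laptops that are away, etc.)
    if (-not (Test-Connection -ComputerName $Computer -Count 1 -Quiet)) {
        return 'Offline'
    }
    try {
        # Same WinNT provider path the VBScript uses for the group
        $group = [ADSI]"WinNT://$Computer/Administrators,group"
        $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
        # Matches on the short name only, so a domain account with the
        # same name in the group would also count as Present
        if ($members -contains $User) { 'Present' } else { 'Missing' }
    }
    catch {
        'Error'   # reachable by ping but ADSI call failed (firewall, rights, ...)
    }
}

# Enumerate computer objects under the domain root, as the VBScript does
$searcher = [adsisearcher]'(objectCategory=computer)'
$searcher.PageSize = 1000
$null = $searcher.PropertiesToLoad.Add('cn')

$searcher.FindAll() | ForEach-Object {
    $name = [string]$_.Properties['cn'][0]
    [pscustomobject]@{
        Computer = $name
        Status   = Test-LocalAdmin -Computer $name -User $UserName
    }
} | Sort-Object Status, Computer | Format-Table -AutoSize
```

Machines reported as `Offline` or `Missing` are the ones the next scheduled run still has to reach.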
