Active Directory running user creation VBS outside of server doesn't grant group membership
My problem is: when I run my user creation script at my server, it works fine, a user gets created and has a membership (according to a .txt file).
When I run that same script outside of my server, the user gets created but doesn't have memberships.
When I run that same script as admin outside of my server, the user gets created but doesn't have memberships.
So this is the relevant code that adds memberships:
Dim fso, f, Row, Field
Set fso = CreateObject("Scripting.FileSystemObject")
' 1 = ForReading, 0 = do not create the file if it is missing
Set f = fso.OpenTextFile("\\some\folder\user.txt", 1, 0)
' Read to the end of the file (AtEndOfLine would stop at the first empty line)
Do While Not f.AtEndOfStream
    Row = f.ReadLine
    Field = Split(Row, ",")
    Username = Field(0)
    Group = Field(1)
    Lastname = Field(2)
    Password = Field(3)
    ScriptP = Field(4)
    Project = Field(5)
    Call UserCreation(Username, Group, Lastname, Password, ScriptP)
Loop
f.Close
WScript.Quit(0)

Sub UserCreation(Username, Group, Lastname, Password, ScriptP)
    Dim ouo, b
    ' Create the user object in the target OU
    Set ouo = GetObject("LDAP://OU=abcOU,DC=my,DC=domain")
    Set b = ouo.Create("user", "CN=" & Group & " " & Lastname)
    Dim WshShell, ret
    Set WshShell = WScript.CreateObject("WScript.Shell")
    b.Put "sAMAccountName", Username
    b.Put "userPrincipalName", Username & "@my.domain"
    b.Put "scriptPath", ScriptP
    b.SetInfo
    ' The password can only be set after the object exists in the directory
    b.SetPassword Password
    b.AccountDisabled = False
    b.SetInfo
    ' Group membership is added by shelling out to dsmod
    ' Project is the script-level variable set in the read loop above
    ' AddQuotes is not shown in the post; assumed to wrap its argument in double quotes
    cmdbegin = "cmd /C dsmod group"
    CN = "CN=TN_" & Project & ",OU=projectOU,DC=my,DC=domain"
    oudc = "OU=abcOU,DC=my,DC=domain"
    cmdmid = "-addmbr"
    grpadd = cmdbegin & " " & AddQuotes(CN) & " " & cmdmid & " " & AddQuotes("CN=" & Group & " " & Lastname & "," & oudc) & " >>\\some\folder\log.txt"
    WshShell.Run grpadd
End Sub
That log.txt just adds a row like this at completion:
dsmod was successful:CN=TN_Test,OU=projectOU,DC=my,DC=domain
The root of the problem is likely that dsmod is not installed on the computer you're running this from, since the documentation says that it is only installed by default on domain controllers. That can be confirmed by just running dsmod from the command line.
But that also seems like the hard way to do it. You can replace everything from the cmdbegin line to the end with this:
Set group = GetObject("LDAP://CN=TN_" & Project & ",OU=projectOU,DC=my,DC=domain")
group.Add(b.aDSPath)
The group variable will be an IADsGroup object, so you can use its Add method to add the user.
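The ADSI approach from the answer, extended with a membership check and error logging so that a failed add shows up in the log instead of passing silently. This is an added example, not code from the question or the answer; the function name AddUserToGroup and the log line format are hypothetical, and it assumes the account running the script may modify the group.

```vbscript
' Added example: adds a user to a group through ADSI (IADsGroup) and logs the result.
' Returns True when the user is a member of the group afterwards.
Function AddUserToGroup(groupDN, userADsPath, logPath)
    Dim grp, alreadyIn, failed, errText, msg, fso, logFile
    alreadyIn = False

    On Error Resume Next
    Set grp = GetObject("LDAP://" & groupDN)
    ' Evaluate IsMember into a variable: an error raised inside an If condition
    ' under On Error Resume Next would fall through into the Then branch.
    If Err.Number = 0 Then alreadyIn = grp.IsMember(userADsPath)
    If Err.Number = 0 And Not alreadyIn Then grp.Add userADsPath
    ' Capture the error state before On Error GoTo 0 clears it
    failed = (Err.Number <> 0)
    errText = "0x" & Hex(Err.Number) & " " & Err.Description
    On Error GoTo 0

    If failed Then
        msg = "FAILED adding " & userADsPath & " to " & groupDN & ": " & errText
    ElseIf alreadyIn Then
        msg = "already a member: " & userADsPath & " in " & groupDN
    Else
        msg = "added " & userADsPath & " to " & groupDN
    End If
    AddUserToGroup = Not failed

    ' 8 = ForAppending, True = create the log file if it does not exist
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set logFile = fso.OpenTextFile(logPath, 8, True)
    logFile.WriteLine Now & " " & msg
    logFile.Close
End Function

' Call from inside UserCreation, after the second b.SetInfo, using the
' variables and paths from the question:
'   ok = AddUserToGroup("CN=TN_" & Project & ",OU=projectOU,DC=my,DC=domain", _
'                       b.ADsPath, "\\some\folder\log.txt")
```

Because the call goes through ADSI, it does not depend on dsmod being installed on the machine that runs the script.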