Active Directory running user creation VBS outside of server doesn't grant group membership

My problem is: when I run my user creation script on my server, it works fine; a user gets created and has a membership (according to a .txt file).

When I run that same script outside of my server, the user gets created but doesn't have memberships.

When I run that same script as admin outside of my server, the user gets created but doesn't have memberships.

So this is the relevant code that adds memberships:

Dim fso, f, Row, Field
Set fso = CreateObject("Scripting.FileSystemObject")
' 1 = ForReading, 0 = do not create the file if it is missing
Set f = fso.OpenTextFile("\\some\folder\user.txt", 1, 0)

' Each row: Username,Group,Lastname,Password,ScriptP,Project
Do While Not f.AtEndOfStream
    Row = f.ReadLine
    Field = Split(Row, ",")
    Username = Field(0)
    Group = Field(1)
    Lastname = Field(2)
    Password = Field(3)
    ScriptP = Field(4)
    Project = Field(5)
    Call UserCreation(Username, Group, Lastname, Password, ScriptP)
Loop

f.Close
WScript.Quit(0)

Sub UserCreation(Username, Group, Lastname, Password, ScriptP)
    Dim ouo, b
    Set ouo = GetObject("LDAP://OU=abcOU,DC=my,DC=domain")
    Set b = ouo.Create("user", "CN=" & Group & " " & Lastname)
    Dim WshShell, ret
    Set WshShell = WScript.CreateObject("WScript.Shell")
    b.Put "sAMAccountName", Username
    b.Put "userPrincipalName", Username & "@my.domain"
    b.Put "scriptPath", ScriptP
    b.SetInfo
    b.SetPassword Password
    b.AccountDisabled = False
    b.SetInfo

    ' Project is the script-level variable set in the loop above.
    ' AddQuotes is a helper from the full script that the post does not show.
    cmdbegin = "cmd /C dsmod group"
    CN = "CN=TN_" & Project & ",OU=projectOU,DC=my,DC=domain"
    oudc = "OU=abcOU,DC=my,DC=domain"
    cmdmid = "-addmbr"
    grpadd = cmdbegin & " " & AddQuotes(CN) & " " & cmdmid & " " & AddQuotes("CN=" & Group & " " & Lastname & "," & oudc) & " >>\\some\folder\log.txt"
    WshShell.Run grpadd
End Sub

That log.txt just adds a row like this at completion:

dsmod was successful:CN=TN_Test,OU=projectOU,DC=my,DC=domain

The root of the problem is likely that dsmod is not installed on the computer you're running this from, since the documentation says that it is only installed by default on domain controllers. That can be confirmed by just running dsmod from the command line.

But that also seems like the hard way to do it. You can replace everything from the cmdbegin line to the end with this:

Set group = GetObject("LDAP://CN=TN_" & Project & ",OU=projectOU,DC=my,DC=domain")
group.Add(b.aDSPath)

The group variable will be an IADsGroup object, so you can use its Add method to add the user.
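
The ADSI approach from the answer, carried through as an added example that is not part of the original question or answer: it adds the user through IADsGroup without building a shell command from the text file's fields, escapes the project name before it goes into the group DN, and writes the ADSI error to the log so a failed bind or add on a workstation is visible. The names EscapeDnValue, LogLine and AddToProjectGroup are hypothetical; the DNs and the log path are the ones from the question.

```vbscript
Option Explicit

Const LOG_PATH = "\\some\folder\log.txt"   ' log share used in the question

' Escape characters that are special in a DN or an ADsPath, so a field
' read from user.txt cannot change which directory object gets bound.
Function EscapeDnValue(ByVal value)
    Dim i, ch, out
    value = Trim(value)
    out = ""
    For i = 1 To Len(value)
        ch = Mid(value, i, 1)
        If InStr(",+""\<>;=/", ch) > 0 Or (i = 1 And ch = "#") Then out = out & "\"
        out = out & ch
    Next
    EscapeDnValue = out
End Function

Sub LogLine(ByVal text)
    Dim fso, f
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set f = fso.OpenTextFile(LOG_PATH, 8, True)   ' 8 = ForAppending, create if missing
    f.WriteLine Now & " " & text
    f.Close
End Sub

' Returns True when the user is a member of the project group afterwards.
Function AddToProjectGroup(ByVal userAdsPath, ByVal project)
    Dim grp, groupPath, already
    AddToProjectGroup = False
    groupPath = "LDAP://CN=" & EscapeDnValue("TN_" & project) & ",OU=projectOU,DC=my,DC=domain"
    On Error Resume Next
    Set grp = GetObject(groupPath)
    If Err.Number = 0 Then already = grp.IsMember(userAdsPath)
    If Err.Number = 0 And Not already Then grp.Add userAdsPath
    If Err.Number = 0 Then
        AddToProjectGroup = True
        LogLine "member ok: " & userAdsPath & " in " & groupPath
    Else
        LogLine "FAILED: " & groupPath & " 0x" & Hex(Err.Number) & " " & Err.Description
    End If
    On Error GoTo 0
End Function

' Call site inside UserCreation, after the final b.SetInfo:
'     AddToProjectGroup b.ADsPath, Project
```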
