stackoom
  简体   繁体   中英

Active Directory running user creation VBS outside of server doesnt grant groupmembership

 原文  2019-07-25 13:25:17       windows/ vbscript/ server/ active-directory

Question

my problem is: when i run my user creation script at my server, it works fine, a user gets created and has a membership (according to a .txt file)

when i run that same script outside of my server, the user gets created but doesnt have memberships

when i run that same script as admin outside of my server, the user gets created but doesnt have memberships

so this is the relevant code that adds memberships: 

Dim fso, f, Row, Field
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.OpenTextFile ("\\some\folder\user.txt",1,0)

Do while not f.AtEndOfLine
Row = f.readLine
Field = split(Row,",")
Username = Field(0)
Group = Field(1)
Lastname = Field(2)
Password = Field(3)
ScriptP = Field(4)
Project = Field(5)
Call UserCreation(Username,Group,Lastname,Password,ScriptP)
Loop

f.Close
Wscript.Quit(0)

Sub UserCreation (Username,Group,Lastname,Password,ScriptP)
Dim ouo, b
Set ouo = GetObject("LDAP://OU=abcOU,DC=my,DC=domain")
Set b = ouo.Create("user", "CN=" & Group & " " & Lastname)
Dim WshShell, ret
Set WshShell = WScript.CreateObject("WScript.Shell")
b.Put "sAMAccountName", Username
b.Put "userPrincipalName", Username & "@my.domain"
b.Put "scriptPath", ScriptP
b.SetInfo
b.SetPassword Password
b.AccountDisabled = False
b.SetInfo

cmdbegin = "cmd /C dsmod group"
CN = "CN=TN_" & Project & ",OU=projectOU,DC=my,DC=domain" 
oudc = "OU=abcOU,DC=my,DC=domain"
cmdmid = "-addmbr"
grpadd = cmdbegin & " " & AddQuotes(CN) & " " & cmdmid & " " & AddQuotes("CN=" & Group & " " & Lastname & "," & oudc) & " >>\\some\folder\log.txt"
WshShell.Run grpadd

that log.txt just adds a row like this at completion: 

dsmod was successful:CN=TN_Test,OU=projectOU,DC=my,DC=domain

1 answers

solution1
 1 ACCPTED  2019-07-26 12:43:54

The root of the problem is likely that dsmod is not installed on the computer you're running this from, since the documentation says that it is only installed by default on domain controllers. That can be confirmed by just running dsmod from the command line.

But that also seems like the hard way to do it. You can replace everything from the cmdbegin line to the end with this: 

Set group = GetObject("LDAP://CN=TN_" & Project & ",OU=projectOU,DC=my,DC=domain")
group.Add(b.aDSPath)

The group variable will be a IADsGroup object, so you can use its Add method to add the user.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Windows 2008 server Powershell Active Directory -> Get user creation date Windows / Active Directory - User / Groups Detect user delete in Active Directory Updating Active Directory user properties in Active Directory using Powershell How to identify the same user between windows server active directory and azure AD? How to configure active directory running on Virtual machine How to add user to a specific domain in Active Directory Active Directory user entry, and group entry Creating user from php on active directory Regarding active directory user lookup with SAMAccountName syntax
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM