1
那里有数百篇文章讲授,但我的案例是“独特的”。所以我得到访问被拒绝的行:如何将域帐户用户添加到本地组?
Set objDomainUser = GetObject("WinNT://" & domainControllerIP & "/" & domainAccount & ",user")
所以我意识到我必须通过用户的凭据。大多数人只通过域名,这是很好的。它将连接到通过查看环境变量%LOGONSERVER%可以知道的域控制器。我需要指定域控制器名称(或IP),否则它不适用于我们。
所以我只是试图让这个sintax正确。这里是我的代码:
Sub AddAccountToLocalGroup(domainName, domainControllerIP, localGroup, domainAccount)
Dim localComputer : localComputer = GetMachineName()
Dim objLocalGroup
Dim objDomainUser
const ADS_SECURE_AUTHENTICATION = &h0001
const ADS_SERVER_BIND = &h0200
Set objLocalGroup = GetObject("WinNT://" & localComputer & "/" & localGroup & ",group")
'Set objDomainUser = GetObject("WinNT://" & domainControllerIP & "/" & domainAccount & ",user") 'ACCESS DENIED
'Error happens in Set objDomainUser
' Set objDomainUser = GetObject("WinNT:").OpenDSObject("WinNT://" & domainName & "/" & domainControllerIP & "/" & "Bob", "Bob", "Password", ADS_SECURE_AUTHENTICATION or ADS_SERVER_BIND)
' Set objDomainUser = GetObject("WinNT:").OpenDSObject("WinNT://" & domainName & "/" & domainControllerIP & "/" & "Bob", "Bob", "Password", ADS_SECURE_AUTHENTICATION or ADS_SERVER_BIND)
' Set objDomainUser = GetObject("WinNT:").OpenDSObject("WinNT://" & domainName & "/" & domainControllerIP & "/" & ",user", "Bob", "Password", ADS_SECURE_AUTHENTICATION or ADS_SERVER_BIND)
' Set objDomainUser = GetObject("WinNT:").OpenDSObject("WinNT://" & domainName & "/" & "Bob" & ",user", "Bob", "Password", ADS_SECURE_AUTHENTICATION or ADS_SERVER_BIND)
'Add domain user to local group
objLocalGroup.Add(objDomainUser.ADsPath)
If Err.Number <> 0 Then
WScript.Echo Err.Number
Else
WScript.Echo domainAccount & " has been added to local group."
End If
End Sub
谢谢!
这帮了我很多。谢谢你,先生! – Max 2013-02-21 17:28:40
现在唯一的问题是如何在循环中获取用户帐户对象? Set objDomainUser = GetObject(“WinNT://”&... – Max 2013-02-21 19:39:52
以前我试过,它给了我“Microsoft VBScript运行时错误:权限被拒绝:'GetObject'” 请记住,VBScript(cmd.exe )在SYSTEM帐户下运行,但如果我传递凭据以访问AD对象,那应该没关系。 注意:如果我在使用MY帐户登录时运行脚本,那么脚本可以工作!但我需要在SYSTEM帐户下完成这项工作并将证书传递给WinNT/LDAP等等...... – Max 2013-02-22 15:33:47