I have not yet tested this script from the technet script center:
=============
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
strDomain = "FABRIKAM"
strPassword = "ls4k5ywA"
strUser = "shenalan"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonat e}!\\" &
_
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, strDomain & "\" & strUser, NULL, _
JOIN_DOMAIN + ACCT_CREATE)
==========
The constants in your snippet are bit masks for the userAccountControl
attribute. This attribute has many flag settings, defined by bits of the
integer value. You test a bit with the AND operator and a bit mask (any
non-zero result is True, 0 is False). You set a bit with the OR operator and
the appropriate bit mask. You toggle a bit with the XOR operator. There are
several other bit masks. Note that &H20 is hex 20, which is 32 decimal.
&H1000 is 4096 decimal. The constants above I copied from the Microsoft site
are decimal bit masks. They user the "+" operator above, which I guess is
the same as OR.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab -
http://www.rlmueller.net
--
"Derrick" <> wrote in message
news:CB77C2F4-8BBD-405A-B392-...
>I still have not figured out this problem but I do want to say that when I
> tried to join the computer, I get the "Access Denied" message. That tells
> me
> the account created by the SCRIPT is not given proper permission.
>
> Question then comes to these Const variables: What does the &h0020 and
> &h1000 mean?
>
> Const ADS_UF_PASSWD_NOTREQD = &h0020
> Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
>
>
>
> "Derrick" wrote:
>
>> Hi, I found this script (see below) from the TechNet CD for creating a
>> ComputerName account in Active Directory. The script ran fine. I
>> created
>> the account in AD but when I try to join the computer to the domain, I
>> could
>> not get it to join. If I manually create the CN account in AD, I can
>> join
>> the computer just fine. I was wondering if someone had tried it and if
>> you
>> know what is wrong?
>>
>> Thank you,
>> Derrick
>>
>> Description
>> Creates and enables a computer account in Active Directory, which must be
>> used by an Administrator when adding a workstation to the domain.
>>
>> Script Code
>>
>> strComputer = "atl-pro-001"
>>
>> Const ADS_UF_PASSWD_NOTREQD = &h0020
>> Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
>>
>> Set objRootDSE = GetObject("LDAP://rootDSE")
>> Set objContainer = GetObject("LDAP://cn=Computers," & _
>> objRootDSE.Get("defaultNamingContext"))
>>
>> Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
>> objComputer.Put "sAMAccountName", strComputer & "$"
>> objComputer.Put "userAccountControl", _
>> ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
>> objComputer.SetInfo
>>
>>
>>
Similar Threads
Linear Mode
