Harish.H.Y

Script to Copy Group Membership of Computer from a Non Domain System

Question

Hi,

I am looking for a script to copy the group membership of one system to another in AD from a system which is not connected to the domain. Below is the script which I wrote, but I am getting the error "Could not find the Name or Insufficient Rights to see Name" at this stage: objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer2 & "$"

Please help.

Basically, the script prompts for the old computer name as the source and the new computer name as the destination, creates a computer account, and copies the group membership from the source to the destination computer.


Option Explicit

Dim strComputer1, strComputer2, strDomain, strOU, intAnswer, objNS, objRootDSE, objContainer
Dim strUser, strPassword, objTrans, strComputerDN, strServer, objComputer, objClone

strOU = "OU=Workstations ,"

Do
    strComputer1 = InputBox("Please enter the Old Computer Name to Get Group Membership:")
    If strComputer1 <> "" Then
        Exit Do
    Else
        msgbox "Old Computer Name Is Required", vbCritical
    End If
Loop
'WScript.Echo "ComputerName: " & strComputer1

Do
    strComputer2 = InputBox("Please enter the New Computer Name to append Group Membership:")
    If strComputer2 <> "" Then
        Exit Do
    Else
        msgbox "New Computer Name Is Required", vbCritical
    End If
Loop
'WScript.Echo "ComputerName: " & strComputer2

' Specify user name and password.
strUser = "administrator"
strPassword = "Passw0rd"

' Specify Domain Controller.
strServer = "AD"

' Retrieve NetBIOS name of the domain.
strDomain = "TEST.COM"

Const ADS_SECURE_AUTHENTICATION = &h0001
Const ADS_SERVER_BIND = &h0200
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000

Set objNS = GetObject("LDAP:")
Set objRootDSE = objNS.OpenDSObject("LDAP://ad.test.com", _
    strUser, strPassword, _
    ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
Set objContainer = objNS.OpenDSObject("LDAP://ad.test.com/OU=Workstations,dc=test,dc=com", _
    strUser, strPassword, _
    ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer2)
objComputer.Put "sAMAccountName", strComputer2 & "$"
objComputer.Put "userAccountControl", _
    ADS_SECURE_AUTHENTICATION Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo

' Constants required for name translate
Const ADS_NAME_INITTYPE_DOMAIN = 1
Const ADS_NAME_INITTYPE_SERVER = 2
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

wscript.echo "Computer1: " & strComputer1
wscript.echo "Computer2: " & strComputer2

' Call function to return the distinguished name (DN) of the computer
strComputerDN1 = getComputerDN(strComputer1,strDomain)
strComputerDN2= getComputerDN(strComputer2,strDomain)
WScript.Echo "ComputerDN1: " & strComputerDN1
WScript.Echo "ComputerDN2: " & strComputerDN2

function getComputerDN(strComputer, strDomain)

    'Use NameTranslate to convert NT name into DN.
    Set objTrans = CreateObject("NameTranslate")

    ' Initialize by specifying Domain Controller. Specify credentials.
    objTrans.InitEx ADS_NAME_INITTYPE_DOMAIN, strDomain, strUser, strDomain, strPassword

    ' Use Set method to specify NT format of name.
    ' Be sure to append the "$" to the NetBIOS name of the computer.
    objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer2 & "$"
    strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)

    ' Use NameTranslate to convert NT name into DN.
    Set objTrans = CreateObject("NameTranslate")

    ' Initialize by specifying Domain Controller. Specify credentials.
    objTrans.InitEx ADS_NAME_INITTYPE_DOMAIN, strDomain, strUser, strDomain, strPassword

    ' Use Set method to specify NT format of name.
    ' Be sure to append the "$" to the NetBIOS name of the computer.
    objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer1 & "$"
    strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)

End Function

'Bind to clone user object.
Set objClone = GetObject("LDAP://ad.test.com" & "/" & strComputerDN1)

' Bind to new user object.
Set objComputer = GetObject("LDAP://ad.test.com" & "/" & strComputerDN2)

' Enumerate direct group memberships of clone user.
For Each objGroup in objClone.Groups

    ' Check if new user already a member.
    If (objGroup.IsMember(objComputer.AdsPath) = False) Then

        ' Add new user to the group.
        objGroup.Add(objComputer.AdsPath)
    End If
Next
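
An alternative way to resolve the two computer DNs from a workgroup machine, as an added example that is not part of the original post: it looks each computer up by sAMAccountName over ADO with explicit credentials instead of NameTranslate, checks the typed names before they reach the LDAP filter, and prompts for the password instead of keeping it in the script. It assumes both computer accounts already exist; DC_HOST and BASE_DN reuse the question's values, and the helper names BindDN and FindComputerDN are made up for this example.

```vbscript
Option Explicit
Const ADS_SECURE_AUTHENTICATION = &h0001
Const ADS_SERVER_BIND = &h0200
Const DC_HOST = "ad.test.com"        ' domain controller named in the question
Const BASE_DN = "dc=test,dc=com"     ' search base taken from the question's OU path
Dim strUser, strPassword, objNS, strOldDN, strNewDN, objOld, arrGroups, strGroupDN, objGroup
strUser = InputBox("Domain account (DOMAIN\user):")
strPassword = InputBox("Password:")  ' asked at run time, never saved in the script file
Set objNS = GetObject("LDAP:")
strOldDN = FindComputerDN(InputBox("Old computer name:"))
strNewDN = FindComputerDN(InputBox("New computer name:"))
If strOldDN = "" Or strNewDN = "" Then
    WScript.Echo "Name rejected or computer account not found."
    WScript.Quit 1
End If

Set objOld = BindDN(strOldDN)
On Error Resume Next                 ' GetEx raises an error when memberOf is empty
arrGroups = objOld.GetEx("memberOf")
If Err.Number <> 0 Then arrGroups = Array()
On Error GoTo 0
For Each strGroupDN In arrGroups
    Set objGroup = BindDN(strGroupDN)
    On Error Resume Next             ' Add fails if already a member or access is denied
    objGroup.Add "LDAP://" & DC_HOST & "/" & Replace(strNewDN, "/", "\/")
    If Err.Number = 0 Then WScript.Echo "Added to: " & strGroupDN Else WScript.Echo "Skipped " & strGroupDN & ": " & Err.Description
    On Error GoTo 0
Next

' Bind to a DN on the DC with the supplied credentials ("/" in a DN must be escaped).
Function BindDN(strDN)
    Set BindDN = objNS.OpenDSObject("LDAP://" & DC_HOST & "/" & Replace(strDN, "/", "\/"), strUser, strPassword, ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
End Function
' Return the DN for a computer name, or "" if the name is invalid or not found.
Function FindComputerDN(strName)
    Dim objRegEx, objConn, objRS
    FindComputerDN = ""
    Set objRegEx = New RegExp
    objRegEx.Pattern = "^[A-Za-z0-9-]{1,15}$"   ' rejects LDAP filter metacharacters
    If Not objRegEx.Test(strName) Then Exit Function
    Set objConn = CreateObject("ADODB.Connection")
    objConn.Provider = "ADsDSOObject"
    objConn.Properties("User ID") = strUser
    objConn.Properties("Password") = strPassword
    objConn.Properties("Encrypt Password") = True
    objConn.Open "Active Directory Provider"
    Set objRS = objConn.Execute("<LDAP://" & DC_HOST & "/" & BASE_DN & ">;(&(objectCategory=computer)(sAMAccountName=" & strName & "$));distinguishedName;subtree")
    If Not objRS.EOF Then FindComputerDN = objRS.Fields("distinguishedName").Value
    objConn.Close
End Function
```

memberOf lists only direct, non-primary group memberships, so the primary group (normally Domain Computers) is not copied.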
