最近公司在实施AD域方案,为减少工作量,研究了下自动加入域的脚本,还不错,基本上加入域的步骤都考虑进去去了,很方便.
感谢小冯这段时间的帮助,使得我们能够共同提高.
set objShell=wscript.createObject("wscript.shell")
wscript.echo "确定加入域,整个过程大概要1分钟左右。"
//连接到文件服务器上服务器,0表示CMD无前台黑窗提示,true表示只有前条正确执行后才执行下一条.
objShell.Run "cmd.exe /c net user %username% password",0,true
objShell.Run "cmd.exe /c label d: d",0,true
objShell.Run "cmd.exe /c echo d|convert d: /fs:ntfs /x",0,true
objShell.Run "cmd.exe /c reg add ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\SimpleSharing"" /v ""DefaultValue"" /t reg_dword /d ""00000000"" /f>nul",0,true
objShell.Run "cmd.exe /c reg add ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\SimpleSharing"" /v ""CheckedValue"" /t reg_dword /d ""00000000"" /f>nul",0,true
objShell.Run "cmd.exe /c reg add ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\SimpleSharing"" /v ""UncheckedValue"" /t reg_dword /d ""00000000"" /f>nul",0,true
//修改本地连接主DNS为PDC服务器地址,如果PDNS和PDC做在同一服务器上的话.修改辅助DNS为10.10.10.11,
objShell.Run "cmd.exe /c netsh interface ip set dns ""本地连接"" static 10.10.10.10 primary",0,true
objShell.Run "cmd.exe /c netsh interface ip add dns ""本地连接"" 10.10.10.11",0,true
//修改TCP NETBIOS服务状态为自动,并启动netbios服务,不然会提示加入域失败.
objShell.Run "cmd.exe /c sc config LmHosts start= AUTO",0,true
objShell.Run "cmd.exe /c net start lmhosts",0,true
//连接文件服务器,拷贝一个设置好的用户配置文件模板作为新建用户的配置. 新建D:\backup 目录 并修改注册表默认新建帐号的配置文件目录为D:\backup\
objShell.Run "cmd.exe /c net use \\10.10.10.100 password /user:netsun",0,true
objShell.Run "cmd.exe /c md d:\backup",0,true
objShell.Run "cmd.exe /c xcopy ""\\10.103.33.7\软件\Default User"" ""d:\backup\Default User\"" /E /H /k",0,true
objShell.Run "cmd.exe /c reg add ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"" /v ""ProfilesDirectory"" /t reg_expand_sz /d ""d:\backup"" /f>nul",0,true
//使用winmgmts服务实现加入域的功能
//strDomain = "domain.local" 域名
//strPassword = "user"
//strUser = "password"
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
strDomain = "domain.local"
strPassword = "user"
strUser = "password"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, strDomain & "\" & strUser, NULL, _
JOIN_DOMAIN + ACCT_CREATE)
//将 domain users 加入到本机的administrator组中,这个根据需要来做.
objShell.Run "cmd.exe /c net localgroup administrators ""domainname\domain users"" /add",0,true
//加入域成功之后自动重启电脑
wscript.echo "确定重启电脑,请关闭所有窗口,保存好数据!"
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Shutdown)}!\\" & "." & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
ObjOperatingSystem.Reboot()
Next
以上vbs脚本文件可以使用文件改造者来转换成EXE文件,发给客户端直接运行即可.
脚本主要的一些改动
1,修改本机用户密码,以免用户加域后从本机登录
2,改动D盘为NTFS格式,去掉系统文件夹选项的简单共享,方便做权限.
3,改动本地连接的DNS为DNS服务器地址,这里有点勉强,应为不是所有的机器网卡都是本地连接,不过一般只要不是双卡的都正确的.
4,开启机器的NetBios解析服务,不然会提示加域失败的.
5,从文件服务器上拷贝一个修改好的默认配置文档到机器的D:\backup,并修改注册表默认配置文件路径为D:\backup,这样做是为了以后装系统方便,不用导出用户在C盘上的资料,如桌面和搜藏夹等等.
6,将Domain users组加入到本机的administrators组中,这个因环境而定
7,加域成功后自动重启,
我把样本贴出来,具体的参数还是要根据实际情况改的.