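A Painstakingly Written Domain-Join Script

Reposted from http://hi.baidu.com/mikeoldyang/blog/item/1ea1d1d53acc8e09a08bb7c8.html

I had never really dared to write a domain-join script. I had only put together a few batch files around the netdom command, because too many unexpected situations and errors can come up, and my meagre scripting knowledge was not up to handling them: an account that already exists in the domain, replication between multiple DCs, and so on. A Taiwanese expert at my previous company had written one by combining script with ASP.net, and it was close to perfect, so there was no need for me to show off my slight skills in front of a master.

But now there was no way around it. I had to do it, so I gritted my teeth and got on with it. The result is a 733-line script that broke my own record. It uses a range of scripting techniques: connecting to AD, using alternate credentials, specifying a DC, opening a folder, connecting to the registry, integrating an htm file, string handling, loops, error checking, interaction, shell, and so on. Many of these I learned for the first time. It took more than 10 days, with more than 6 hours of wholehearted writing each day.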

I. Main functions:

1. Rename the computer directly in the domain
2. Rename the computer in the workgroup
3. Join the domain

II. Notes:

1. The privileged account must be an acct or admin account, entered in lowercase.
2. Check the UAC setting.
3. The new computer name must not be longer than 15 characters.
4. When renaming the computer, if an account with the new name already exists in the domain, it must be deleted first (the script checks for this) or a different name must be entered.
5. After renaming the computer in the workgroup and restarting, you must run this tool again to join the domain.
6. When joining the domain, only a lowest-level OU can be selected.

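III. Version history:

0. This was the earlier batch file that used netdom to join the domain, but joins kept failing.

1. v1 used VB to join the domain, with the intention of not using the netdom command. However, the join failed if the account already existed, and it also failed when the account had only just been deleted. The most unacceptable part was that the OU could not be specified, and since that was the whole purpose of this script, v1 was abandoned.

2. v2 went back to netdom, because I later found that netdom can specify the DC and the OU, which fully met the requirement. Because the DC can be specified, an existing object can be deleted first and the join then succeeds. The target OU is chosen by opening a folder. This was the milestone version.

3. v3 added, on top of v2, the ability to rename the computer directly in the domain.

4. v4 integrated an htm file on top of v3 so that the operating account can be entered, which improved security.

5. Most painfully, just when v4 was nearly perfect, I found that it always reported an error under Vista and could not join the domain. Searching online, I learned that there is a bug between Vista and netdom, KB932173, and concluded from this that netdom could not do the job. So I turned back to joining the domain with vbscript and then moving the account with move, but the move never succeeded. Then I found that vbscript can in fact specify the OU, a discovery that thrilled me, and I thought the vbscript route was finally open. Hence v5.

6. The fatal problem with joining via vbscript appeared again: if an account exists and is deleted first, the join that follows fails. My conclusion is that vbscript cannot specify the DC when joining (given the earlier lesson, this time I confirmed it from several sources), so the DCs have not yet replicated and the join fails.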

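7. Having completely given up on joining the domain with vbscript, I went back to the netdom-based v3 to look for a breakthrough, which led to v3.2. The biggest breakthrough in 3.2 was finding that the failure under Vista was caused by

Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again..
   and by some definitions that were missing in a later part of the script.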

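8. The main finding in v3.3 and 3.4 was that under Vista, if UAC is enabled, the rename shows "Access is denied", so a UAC check was added.

9. v3.5 added, on top of 3.4, the ability to rename the computer before joining the domain.

10. v3.6 and 3.7 added the integrated htm file that prompts for the operating account.

11. v3.7 and 3.8 fixed some bugs and added Chinese prompts; this was finally designated V5.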

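IV. Technical breakthroughs

1. An account and password have to be entered, and with a plain inputbox the password is visible while it is typed, so I learned to use an htm file to enter the account and mask the password.

2. I learned to use script run-time errors for decisions: If err <> 0 then

3. I learned to use intAnswer for interaction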

 intAnswer = Msgbox("Do you want toxxx ", vbYesNo, "Delete the computer account")

 If intAnswer = vbNo Then  ....

4. Opening a folder to simulate opening an OU in AD, so that the OU can be specified when joining the domain

Const WINDOW_HANDLE = 0
Const OPTIONS = 0 
strPath = "c:\temp"
 Set objShell = CreateObject("Shell.Application")
 Set objFolder = objShell.BrowseForFolder _
     (WINDOW_HANDLE, "Select a OU (选择一个OU):", OPTIONS, strPath)

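5. When the script runs, the credentials of the currently logged-on user are often not sufficient for the operation, for example renaming directly in the domain, so a privileged account is needed. The scripts I knew before all ran with the permissions of the current account, so this challenge troubled me for a long time from the very start of the script. After reading many articles, I found several ways to run statements with alternate credentials, to cover the different cases. In addition, when AD is queried it is best to specify the DC, because replication delay between DCs can cause the script to fail, especially in a multinational company like ours that has a single domain and where the local site is not a child domain.

    a. When the script needs to GetObject in AD, the following method can specify the DC and the credentials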

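Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_ENCRYPTION = 2
Set root = GetObject("LDAP:")
' Combine the flags with Or; "And" of 1 and 2 evaluates to 0 and sets neither flag
Set objcomputer = root.OpenDSObject("LDAP://DCName/cn=xxx,OU=xxx,dc=xxx,dc=xxx", strUser, strPassword,  _
        ADS_USE_ENCRYPTION Or ADS_SECURE_AUTHENTICATION)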

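Previously it was written like this

Set objComputer = GetObject("LDAP://cn=xxx,OU=xxx,dc=xxx,dc=xxx")

    b. When the script queries objects in AD with the following method, the DC and the credentials can also be specified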

 Set objConnection = CreateObject("ADODB.Connection")
 Set objCommand =   CreateObject("ADODB.Command")
 objConnection.Provider = "ADsDSOObject"
 objConnection.Properties("User ID") = strUser
 objConnection.Properties("Password") = strPassword

 objConnection.Properties("Encrypt Password") = True
 objConnection.Open "Active Directory Provider"
 Set objCommand.ActiveConnection = objConnection
 objCommand.Properties("Page Size") = 1000
 objCommand.CommandText = "<LDAP://DCname/dc=xxx,dc=xxx>;" & _
         "(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
             "distinguishedName,name;Subtree"
 Set objRecordSet = objCommand.Execute
 SerTempDN = objRecordSet.Fields("distinguishedName").Value
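
An added example (not part of the original script) for approach b: it checks the computer name against the 15-character limit from the notes, escapes it before it is concatenated into the LDAP filter, and tests EOF instead of relying on the run-time error raised by reading an empty recordset. The DC name dc01, the base DN dc=example,dc=com and the function names are assumptions, and the character policy in IsValidComputerName is a conservative choice, not a rule stated on this page.

```vbscript
Option Explicit

' Added example, not from the original script. Function names, dc01 and
' dc=example,dc=com are placeholders.

' Conservative name policy (assumption): 1-15 characters, letters, digits and
' hyphen only, no leading or trailing hyphen. The 15-character limit is note 3.
Function IsValidComputerName(strName)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]([A-Za-z0-9-]{0,13}[A-Za-z0-9])?$"
    IsValidComputerName = re.Test(strName)
End Function

' Escape the characters that are special inside an LDAP filter value
' (RFC 4515). The backslash is replaced first so the escapes added for the
' other characters are not escaped again.
Function EscapeLdapFilterValue(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' Build the ADO command text in the same four-part form the script uses.
Function BuildComputerQuery(strDC, strBaseDN, strName)
    BuildComputerQuery = "<LDAP://" & strDC & "/" & strBaseDN & ">;" & _
        "(&(objectCategory=computer)(objectClass=user)(Name=" & _
        EscapeLdapFilterValue(strName) & "));" & _
        "distinguishedName,name;Subtree"
End Function

' Return the DN of the computer account, or "" when there is none.
' Needs a reachable DC, so the demo below does not call it.
Function FindComputerDN(strDC, strBaseDN, strName, strUser, strPassword)
    Dim objConnection, objCommand, objRecordSet
    FindComputerDN = ""
    If Not IsValidComputerName(strName) Then Exit Function
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Properties("User ID") = strUser
    objConnection.Properties("Password") = strPassword
    objConnection.Properties("Encrypt Password") = True
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    objCommand.Properties("Page Size") = 1000
    objCommand.CommandText = BuildComputerQuery(strDC, strBaseDN, strName)
    Set objRecordSet = objCommand.Execute
    ' An empty result is a normal outcome, so test EOF explicitly.
    If Not objRecordSet.EOF Then
        FindComputerDN = objRecordSet.Fields("distinguishedName").Value
    End If
    objConnection.Close
End Function

' Demo on constructed names; runs offline with cscript.
Dim arrNames, strName
arrNames = Array("SUZ-PC-0042", "THIS-NAME-IS-TOO-LONG", "LAB(2)*")
For Each strName In arrNames
    WScript.Echo strName & " valid=" & IsValidComputerName(strName)
    WScript.Echo "  " & BuildComputerQuery("dc01", "dc=example,dc=com", strName)
Next
```

Because FindComputerDN returns "" for "no such account", it should be called without On Error Resume Next in effect, so that a failed bind surfaces as an error rather than as a missing account.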

The script follows:

' ----------------------------------------------------------------------------
' JoinDomainForIT.vbs
' VBScript program to Join computer into domain or rename it in the AD
' Date: 08/12/2008
' Version: 5.0 -- Change to Unicode and add chinese description.
' By: Mike Yang at AMD Suzhou 37890
' ----------------------------------------------------------------------------

On Error Resume Next

' ###########################################################################
' Get privilege account, e.g admin_xxx or acct_xxx
' ###########################################################################

' Dim Shell
Dim oShell
Set oShell = WScript.CreateObject ("WSCript.shell")

' -------------------------
' Get User & Password
' -------------------------
Set objExplorer = WScript.CreateObject _
    ("InternetExplorer.Application", "IE_")

objExplorer.Navigate "file://///ssuzfile22/helpdesk$/JoinDomain/Password.htm"  
objExplorer.ToolBar = 0
objExplorer.StatusBar = 0
objExplorer.Width = 620
objExplorer.Height = 420
objExplorer.Left = 100
objExplorer.Top = 100
objExplorer.Visible = 1            

Do While (objExplorer.Document.Body.All.OKClicked.Value = "")
    Wscript.Sleep 250                
Loop

' --------------------------------------------------------------
strUserName = objExplorer.Document.Body.All.UserName.Value
strUser = "amd\" & strUserName
strPassword = objExplorer.Document.Body.All.UserPassword.Value
' --------------------------------------------------------------

strButton = objExplorer.Document.Body.All.OKClicked.Value
objExplorer.Quit
Wscript.Sleep 250

If strButton = "Cancelled" Then
 Wscript.Quit
End If
If strUsername = "" or strPassword = "" Then
 Wscript.Quit
End If

' -------------------------
' Check input User
' -------------------------
adminxxx = Left(strUser,10)
'Wscript.echo adminxxx

acctxxx =  Left(strUser,9)
'Wscript.echo acctxxx

If adminxxx <> "amd\admin_" and acctxxx <> "amd\acct_" Then
 Wscript.echo "" _
  & "Error!! You must use acct_xxx or admin_xxx to run the tools. " & chr(10) & chr(13) _
  & "错误!!请使用acct或admin帐号来运行此工具 " & chr(10) & chr(13) & chr(10) & chr(13) _
  & "And you must use minuscule to inpute,like acct_yjay , please input again."& chr(10) & chr(13) _
  & "同时请务必使用小写来输入,比如 acct_yjay, 请再次输入。"

 run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
 'Wscript.echo run8
 oShell.run run8,true
 Wscript.quit
End If

' -------------------------
' Authenticate User
' -------------------------

Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_ENCRYPTION = 2

strPath = "OU=Suzhou,dc=amd,dc=com"

Set root = GetObject("LDAP:")
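' Combine the flags with Or (1 Or 2 = 3); "And" evaluates to 0 and sets neither flag.
' ADS_USE_ENCRYPTION has the same value as ADS_USE_SSL, so the DC must support LDAP over SSL.
Set objOU = root.OpenDSObject("LDAP://SSUZDC3/" & strPath, strUser, strPassword,  _
        ADS_USE_ENCRYPTION Or ADS_SECURE_AUTHENTICATION)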

SuzDN = objOU.distinguishedName
If err = 424 then
 Wscript.echo "" _
  & "Logon failure: unknown user name or bad password, please input again." & chr(10) & chr(13) & chr(10) & chr(13) _
  & "登录失败,错误的用户名或者密码,请再次输入。"

 run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
 'Wscript.echo run8
 oShell.run run8,true
 wscript.quit
 
ElseIf err <> 0 Then
 Wscript.echo "" _
  & "failed,please contack with Mike Yang (37890)" & chr(10) & chr(13) & chr(10) & chr(13) _
  & "失败,请了联系 杨向群(37890)"

 run8 = "\\ssuzfile22\helpdesk$\joindomain\JoinDomainForIT.vbe"
 'Wscript.echo run8
 oShell.run run8,true
 Wscript.quit

End If

' ###########################################################################
' Define
' ###########################################################################
' -------------------------
' Define
' -------------------------

' Dim for open folder
Const WINDOW_HANDLE = 0
Const OPTIONS = 0

strPath = "\\Ssuzfile22\helpdesk$\JoinDomain\amd.com"

' Dim auth
'strUser = "amd/xxxxx"
'strPassword = "xxxxx"


' Get ComputerName
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
UserDomain = objNetwork.userdomain
UserName = objNetwork.username

LogonName = UserDomain & "/" & UserName
'Wscript.Echo LogonName

 

' ------------------------------
' Check if is it in the domain
' ------------------------------
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2")

'Set colItems = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
'For Each objItem in colItems
' DomainName = objItem.domain
'Next

Set objWMI = GetObject("winmgmts://./root/cimv2")
Set colComputer = objWMI.ExecQuery("select DomainRole from win32_computersystem",,48)
For Each objComputer in colComputer
 role = objComputer.DomainRole
Next

'Wscript.echo role

' ###########################################################################
' Rename computer in the domain when it is in the domain
' ###########################################################################

' -------------------------------------
' role = 0 or 2 is standlone computer
' -------------------------------------
' If the computer is in the domain
If role <> 0 and role <> 2 Then

 ' -------------------------------------
 ' search AD to find the account
 ' -------------------------------------
 Set objConnection = CreateObject("ADODB.Connection")
 Set objCommand =   CreateObject("ADODB.Command")
 objConnection.Provider = "ADsDSOObject"

 objConnection.Properties("User ID") = strUser
 objConnection.Properties("Password") = strPassword
 objConnection.Properties("Encrypt Password") = True

 objConnection.Open "Active Directory Provider"
 Set objCommand.ActiveConnection = objConnection

 objCommand.Properties("Page Size") = 1000

 objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
         "(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
             "distinguishedName,name;Subtree"
 Set objRecordSet = objCommand.Execute
 SerTempDN = objRecordSet.Fields("distinguishedName").Value

 ' -------------------------------------
 ' If the account is lost in the AD
 ' -------------------------------------
 If err <> 0 Then
  err.clear
  Wscript.echo "" _
   & "The computer is in the domain, but seems it has lost the account in the AD, " & chr(10) & chr(13) _
   & "此计算机在域中, 但是似乎在活动目录中丢失了对应的帐号。 " & chr(10) & chr(13) & chr(10) & chr(13) _
   & "Please unjoin it from domain manually, then run the tool again." & chr(10) & chr(13) _
   & "请手动将此计算机退出域,然后再次运行此工具。"
  Wscript.quit
 End If

 ' -------------------------------------
 ' Check the logon account
 ' -------------------------------------
 adminxxx = Left(LogonName,10)
 'Wscript.echo adminxxx

 acctxxx =  Left(LogonName,9)
 'Wscript.echo acctxxx

 If adminxxx <> "AMD/admin_" and acctxxx <> "AMD/acct_" Then
  intAnswer = Msgbox( "" _
   & "The computer is in the domain, to rename computer in the AD,you must logon as amd/acct_xxx or amd/admin_xxx ," & chr(10) & chr(13) _
   & "此计算机已经在域中,如果你要直接在域中重命名它,你必须用acct或者admin帐号来登录到Windows。" & chr(10) & chr(13) & chr(10) & chr(13) _
   & "Currently you are NOT logon as amd/acct_xxx or amd/admin_xxx, so could you log off now?" & chr(10) & chr(13) _
   & "当前您没有用这类帐号来登录,你需要现在注销计算机吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
   & "If you click No, the script will quit!"& chr(10) & chr(13) _
   & "如果您点击NO,此工具将退出。", vbYesNo, "Check logon account")

  If intAnswer = vbNo Then
   Wscript.quit

  Else
    Const LOG_OFF = 0
    Const FORCED_LOG_OFF = 4

   Set objWMIService = GetObject("winmgmts:" _
         & "{impersonationLevel=impersonate,(Shutdown)}!//" & strComputer & "/root/cimv2")
   Set colOperatingSystems = objWMIService.ExecQuery _
         ("Select * from Win32_OperatingSystem")
   For Each objOperatingSystem in colOperatingSystems
         ObjOperatingSystem.Win32Shutdown(FORCED_LOG_OFF)
   Next

   Wscript.quit
  End If

 End If

 ' -------------------------------------
 ' Check UAC
 ' -------------------------------------
 Const HKEY_LOCAL_MACHINE = &H80000002
 Set StdOut = WScript.StdOut
 Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &_
  strComputer & "/root/default:StdRegProv")

 dwKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
 dwValueName = "EnableLUA"
 oReg.GetDWORDValue HKEY_LOCAL_MACHINE,dwKeyPath,dwValueName,dwValue
 UAC = dwValue
 'Wscript.echo UAC

 If UAC = 1 Then
  Wscript.echo "" _
   & "The computer is in the domain and its OS is Windows Vista. At present, UAC has been ENABLED!! " & chr(10) & chr(13) _
   & "此计算机已经在域中,其操作系统是Windows Vista,UAC 设置是启用的!! " & chr(10) & chr(13) & chr(10) & chr(13) _
   & "So if you want to directly rename it in the domain, please Disable UAC first and then run the tool again. Click OK to quit the tool." & chr(10) & chr(13) _
   & "如果你需要直接在域中重命名此计算机,请先禁用UAC,然后再次运行此工具。点击 OK 退出此工具。"
  Wscript.quit
 End if

 ' -------------------------------------
 ' Prompt input new computer name
 ' -------------------------------------
 intAnswer = Msgbox("" _
   & "The computer is in the domain and you has logon as amd/acct_xxx or amd/admin_xxx, " & chr(10) & chr(13) _
   & "此计算机已经在域中同时您已经使用acct或admin帐号登录Windows。 " & chr(10) & chr(13) & chr(10) & chr(13) _
   & "Do you want to rename it in the domain? If you click No, the tool will quit!" & chr(10) & chr(13) _
   & "你要重命名此计算机吗?如果您点击 NO,将退出此工具。" , vbYesNo, "Do you want to rename it?")

 If intAnswer = vbNo Then
  Wscript.quit

 Else
  ' ------------------------------
  ' Check input
  ' ------------------------------
  kk = 1
  do until kk = 0
   kk = 0
   InputNewComName = inputBox("" _
    & "Currently, the computer's name is  " & strComputer & chr(10) & chr(13) _
    & "当前的计算机名是 " & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
    & "Please input your new Computer Name and click OK . Click  Cancel  to quit the tool." & chr(10) & chr(13) _
    & "请输入新的计算机名并点击 OK 。点击 Cancle 退出此工具。" & chr(10) & chr(13)& chr(10) & chr(13) )

   ' ------------------------------
   ' If no input
   ' ------------------------------
   If InputNewComName = "" Then
    Wscript.quit
   End If

   If Len(InputNewComName) > 15 Then
    Wscript.Echo "" _
     & "Your input is error, please fill in less than 15 characters" & chr(10) & chr(13) & chr(10) & chr(13) _
     & "您的输入有误,计算机名不能多于15个字符。"
    kk = 1

   Else
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand =   CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"

    objConnection.Properties("User ID") = strUser
    objConnection.Properties("Password") = strPassword
    objConnection.Properties("Encrypt Password") = True

    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000

    objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
             "(&(objectCategory=computer)(objectClass=user)(Name=" & InputNewComName & "));" & _
                 "distinguishedName,name;Subtree"
    Set objRecordSet = objCommand.Execute
    SerDN = objRecordSet.Fields("distinguishedName").Value
   
    If err = 0 Then
     intAnswer = Msgbox("" _
      & "The new computer name your input has exsited in the AD, Do you want to delete it first?" & chr(10) & chr(13) _
      & "您输入的新计算机名在活动目录中已经存在,您想要在域中删除此帐号吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
      & "If you want to change another name please click No ." & chr(10) & chr(13) _
      & "如果您需要重新输入新的计算机名,请点击 NO ", vbYesNo, "Delete the computer account")

     If intAnswer = vbNo Then
      kk = 1
     Else 

      Set root = GetObject("LDAP:")
      Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & SerDN, strUser, strPassword, 200)
      objComputer.DeleteObject(0)

      If err<>0 Then
       err.clear
       Wscript.Echo "" _
        & "Delete computer is failed, the script will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
        & "删除帐号失败,此脚本将退出。"
       Wscript.quit
      Else
       Wscript.Echo "" _
        & "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
        & "删除帐号成功,请点击 OK 继续。"
      End If

     End If 
    Else

     err.clear

    End If
   End If
  Loop

  ' ------------------------------
  ' Rename
  ' ------------------------------
  Set objWMIService = GetObject("Winmgmts:root/cimv2")

  For Each objComputer in _
       objWMIService.InstancesOf("Win32_ComputerSystem")
        err = ObjComputer.Rename(InputNewComName)

   If err = 1326 Then
    Wscript.echo "" _
     & "bad password" & chr(10) & chr(13) & chr(10) & chr(13) _
     & "密码错误"
    Wscript.quit

   ElseIf err = 5 Then
    Wscript.echo "" _
     & "Access is denied." & chr(10) & chr(13) & chr(10) & chr(13) _
     & "拒绝访问。"
    Wscript.quit
   ElseIf err <> 0 Then
                  Wscript.echo err.number
    Wscript.quit
   End If

  Next
  err.clear
     
  ' ------------------------------
  ' Restart
  ' ------------------------------
  Wscript.echo "" _
   & "Rename the computer is successful, Please click OK to restart your computer!" & chr(10) & chr(13) & chr(10) & chr(13) _
   & "重命名计算机成功,请点击 OK 重启您的计算机。"
  run0 = "shutdown -r -f -t 1"
  'Wscript.echo run0
  oShell.run run0,true
  Wscript.quit  

 End If
 
End If


' ###########################################################################
' Join into Domain when computer out of domain
' ###########################################################################

' -------------------------
' Connect to file
' -------------------------

'run1 = "net use //ssuzfile22/helpdesk$ " & strPassword & " /user:" & struser
'Wscript.echo run1
'oShell.run run1,true

' -------------------------------
' Ask user is current accout OK?
' -------------------------------
intAnswer = Msgbox("" _
  & "Your computer's name is " & strComputer & chr(10) & chr(13) _
  & "此计算机的名字是" & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
  & "Please click Yes  --  If you want to join it into domain with the name. " & chr(10) & chr(13) _
  & "请点击 Yes  -- 如果您想用此名称来加入域,  " & chr(10) & chr(13) & chr(10) & chr(13) _
  & "Please click No   --  If you want to rename it first." & chr(10) & chr(13) _
  & "请点击 No   -- 如果您想先重命名它。" & chr(10) & chr(13) & chr(10) & chr(13) _
  & "After rename the computer and restarted, please run the tool again." & chr(10) & chr(13) _
  & "在您重命名以及重新启动计算机后, 请再次运行此工具.", vbYesNo, "Do you like the name?")

If intAnswer = vbYes Then

 ' -------------------------
 ' Get computer info
 ' -------------------------
 Set objConnection = CreateObject("ADODB.Connection")
 Set objCommand =   CreateObject("ADODB.Command")
 objConnection.Provider = "ADsDSOObject"
 objConnection.Properties("User ID") = strUser
 objConnection.Properties("Password") = strPassword
 objConnection.Properties("Encrypt Password") = True

 objConnection.Open "Active Directory Provider"
 Set objCommand.ActiveConnection = objConnection

 objCommand.Properties("Page Size") = 1000

 objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
         "(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
             "distinguishedName,name;Subtree"
 Set objRecordSet = objCommand.Execute

 strComDN = objRecordSet.Fields("distinguishedName").Value
 'Wscript.echo strComDN

 ' -----------------------------------
 ' Check the computer account in AD
 ' -----------------------------------
 If err=0 Then
 
  intAnswer = Msgbox("" _
    & "Your Computer is NOT in the domain, but now the computer account is existent in the AD, " & chr(10) & chr(13) _
    & "此计算机不在域中,但是在活动目录中已经存在同名的帐号。 " & chr(10) & chr(13) & chr(10) & chr(13) _
    & "Do you want to delete it first? If you click No, the tool will quit!" & chr(10) & chr(13) _
    & "您想先删除此同名帐号吗?如果您点击 No, 此工具将退出。", vbYesNo, "Delete the computer account")

   If intAnswer = vbYes Then

    Set root = GetObject("LDAP:")
    Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & strComDN, strUser, strPassword, 200)
    objComputer.DeleteObject(0)

    If err<>0 Then
     err.clear
     Wscript.Echo "" _
      & "Delete computer is failed, the tool will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
      & "删除计算机帐号失败, 此工具将退出."
     Wscript.quit
    Else

    Wscript.Echo "" _
     & "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
     & "删除计算机帐号成功,请点击 OK 继续下一步。"

    End If 
   Else
    Wscript.quit
   End If
 Else
  err.clear
 
 End If

Else

' ------------------------------
' Rename and restart
' ------------------------------

 ' ------------------------------
 ' Check input
 ' ------------------------------
 kk = 1
 do until kk = 0
  kk = 0
  InputNewComName = inputBox("" _
   & "Currently, the computer's name is  " & strComputer & chr(10) & chr(13) _
   & "此计算机当前名为  " & strComputer & chr(10) & chr(13) & chr(10) & chr(13) _
   & "Please input your new Computer Name and click OK . Click  Cancel  to quit the tool." & chr(10) & chr(13) _
   & "请输入新计算机名,并点击 OK 。点击 Cancel 退出此工具" & chr(10) & chr(13) & chr(10) & chr(13) )

  ' ------------------------------
  ' If no input
  ' ------------------------------
  If InputNewComName = "" Then
   Wscript.quit
  End If

  If Len(InputNewComName) > 15 Then
   Wscript.Echo "" _
    & "Your input is error, please fill in less than 15 characters." & chr(10) & chr(13) & chr(10) & chr(13) _
    & "您的输入有误,计算机名不能多于15个字符。"
   kk = 1

  Else
   Set objConnection = CreateObject("ADODB.Connection")
   Set objCommand =   CreateObject("ADODB.Command")
   objConnection.Provider = "ADsDSOObject"
   objConnection.Properties("User ID") = strUser
   objConnection.Properties("Password") = strPassword
   objConnection.Properties("Encrypt Password") = True

   objConnection.Open "Active Directory Provider"
   Set objCommand.ActiveConnection = objConnection

   objCommand.Properties("Page Size") = 1000

   objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
         "(&(objectCategory=computer)(objectClass=user)(Name=" & InputNewComName & "));" & _
               "distinguishedName,name;Subtree"
   Set objRecordSet = objCommand.Execute
   strNewDN = objRecordSet.Fields("distinguishedName").Value
   
   If err = 0 Then
    intAnswer = Msgbox("" _
     & "Your input computer account is existent in the AD, Do you want to delete it first? " & chr(10) & chr(13) _
     & "您输入的计算机帐号在活动目录中已经存在, 您想删除此现有的帐号吗?" & chr(10) & chr(13) & chr(10) & chr(13) _
     & "If you click No, will try to input another computername!" & chr(10) & chr(13) _
     & "如果您点击 NO, 您将可以重新输入新的名称。", vbYesNo, "Delete the computer account")

    If intAnswer = vbYes Then

     Set root = GetObject("LDAP:")
     Set objComputer = root.OpenDSObject("LDAP://SSUZDC3/" & strNewDN, strUser, strPassword, 200)
     objComputer.DeleteObject(0)

     If err<>0 Then
      err.clear
      Wscript.Echo "" _
       & "Delete computer is failed, the tool will quit." & chr(10) & chr(13) & chr(10) & chr(13) _
       & "删除计算机帐号失败, 此工具将退出."
      Wscript.quit
     Else

      Wscript.Echo "" _
       & "Delete computer is successfully! Please click OK to continue!" & chr(10) & chr(13) & chr(10) & chr(13) _
       & "删除计算机帐号成功,请点击 OK 继续下一步。"

     End If 

    Else
     kk = 1
 
    End If 

   End If
  End If

 Loop

 ' ------------------------------
 ' Rename
 ' ------------------------------
 Set objWMIService = GetObject("Winmgmts:root/cimv2")

 For Each objComputer in _
  objWMIService.InstancesOf("Win32_ComputerSystem")
       err = ObjComputer.Rename(InputNewComName)

  If err = 1326 Then
   Wscript.echo "" _
    & "bad password" & chr(10) & chr(13) & chr(10) & chr(13) _
    & "密码错误"
   Wscript.quit

  ElseIf err = 5 Then
   Wscript.echo "" _
    & "Access is denied." & chr(10) & chr(13) & chr(10) & chr(13) _
    & "拒绝访问。"
   Wscript.quit
  ElseIf err <> 0 Then
         Wscript.echo err.number
   Wscript.quit
  End If

 Next
 err.clear
     
 ' ------------------------------
 ' Restart
 ' ------------------------------
 Wscript.echo "" _
  & "Rename the computer is successful, Please click OK to restart Your Computer! And run the tool again." & chr(10) & chr(13) & chr(10) & chr(13) _
  & "重命名计算机成功,请点击 OK 重新启动计算机并再次运行此工具。"

 run0 = "shutdown -r -f -t 1"
 'Wscript.echo run0
 oShell.run run0,true
 Wscript.quit

End If


' -------------------------
' Select Path
' -------------------------
KK = 1
Do until kk = 0
 kk = 0

 Set objShell = CreateObject("Shell.Application")
 Set objFolder = objShell.BrowseForFolder _
     (WINDOW_HANDLE, "Select a OU (选择一个OU):", OPTIONS, strPath)

 If objFolder Is Nothing Then
     Wscript.Quit
 End If

 Set objFolderItem = objFolder.Self
 objPath = objFolderItem.Path

 ' -------------------------
 ' Check Path
 ' -------------------------
 If objPath = strPath or objPath = strPath+"\Suzhou" or objPath = strPath+"\Suzhou\Servers" or objPath = strPath+"\Suzhou\Workstations" Then
  'Wscript.Echo "error " & objPath & "Please select again!"

  Wscript.Echo "" _
   & "Error Path, Please select its subdirectory!" & chr(10) & chr(13) & chr(10) & chr(13) _
   & "错误的路径,请重新选择下层目录。"
  KK = 1

 ElseIf objPath = strPath+"\Suzhou\Servers\Physical Servers" Then
  OU = "OU=Physical Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"

 ElseIf objPath = strPath+"\Suzhou\Servers\Virtual DEV Servers" Then
  OU = "OU=Virtual DEV Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"

 ElseIf objPath = strPath+"\Suzhou\Servers\Virtual Infrastructure Servers" Then
  OU = "OU=Virtual Infrastructure Servers,OU=Servers,OU=Suzhou,DC=amd,DC=com"

 ElseIf objPath = strPath+"\Suzhou\Workstations\Laptops" Then
  OU = "OU=Laptops,OU=Workstations,OU=Suzhou,DC=amd,DC=com"

 ElseIf objPath = strPath+"\Suzhou\Workstations\PCs" Then
  OU = "OU=PCs,OU=Workstations,OU=Suzhou,DC=amd,DC=com"

 ElseIf objPath = strPath+"\Suzhou\Workstations\Virtual DEVs" Then
  OU = "OU=Virtual DEVs,OU=Workstations,OU=Suzhou,DC=amd,DC=com"

 End If
Loop

strOU = """" & OU & """"
'Wscript.echo OU
'Wscript.echo strOU

' -------------------------
' Join Domain
' -------------------------
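' /passwordd: puts the password on the netdom command line; netdom also accepts /passwordd:* to prompt for it
run3 = "\\ssuzfile22\helpdesk$\JoinDomain\netdom join " & strComputer & " /Domain:amd.com\ssuzdc3" & " /OU:" & strOU & " /userd:" & struser & " /passwordd:" & strPassword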
'Wscript.echo run3
oShell.run run3,true
Wscript.sleep 3000

' -------------------------
' research the account
' -------------------------
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"

objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPassword
objConnection.Properties("Encrypt Password") = True

objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.CommandText = "<LDAP://ssuzdc3/dc=amd,dc=com>;" & _
        "(&(objectCategory=computer)(objectClass=user)(Name=" & strComputer & "));" & _
            "distinguishedName,name;Subtree"
Set objRecordSet = objCommand.Execute

strTargetDN = objRecordSet.Fields("distinguishedName").Value

If err<>0 Then
 wscript.echo err
 err.clear
 Wscript.echo "" _
  & "The computer is not be joined into domain, please contact Mike Yang (37890)" & chr(10) & chr(13) & chr(10) & chr(13) _
  & "计算机加入域失败,请联系 杨向群 (37890)"
 Wscript.quit
End If

' -------------------------
' Check the target OU
' -------------------------
tDN = "CN=" & strComputer & "," & OU
'Wscript.echo tDN

If strTargetDN = tDN Then
 Wscript.echo "" _
  & "The computer has be joined into AMD domain successfully. Please click OK to restart your computer!" & chr(10) & chr(13) & chr(10) & chr(13) _
  & "此计算机成功加入域,请单击 OK 重新启动计算机。"
Else
 Wscript.echo "" _
  & "The computer has be joined into AMD domain successfully, but seems target OU is error." & chr(10) & chr(13) & chr(10) & chr(13) _
  & "此计算机成功加入域,但是似乎目标OU是错误的,请单击 OK 重新启动计算机。"
End If

run4 = "shutdown -r -f -t 1"
'Wscript.echo run4
oShell.run run4,true
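
An added example, not part of the original script, that generalizes the ElseIf chain in the "Check Path" section: it derives the OU distinguished name from the folder picked below the mirror root, so a new OU folder needs no new branch. The root share, the domain DN and the function names are placeholders, and the leaf test through Scripting.FileSystemObject is an assumption about how the "lowest-level OU only" rule would be enforced.

```vbscript
Option Explicit

' Added example, not from the original script. All names are placeholders.

' Escape characters that are special in a DN attribute value (RFC 4514).
Function EscapeDnValue(strValue)
    Dim s, ch
    s = Replace(strValue, "\", "\\")
    For Each ch In Array(",", "+", """", "<", ">", ";", "=")
        s = Replace(s, ch, "\" & ch)
    Next
    If Left(s, 1) = " " Or Left(s, 1) = "#" Then s = "\" & s
    If Right(s, 1) = " " Then s = Left(s, Len(s) - 1) & "\ "
    EscapeDnValue = s
End Function

' Map a folder below strRoot to an OU DN:
'   root\A\B\C  ->  OU=C,OU=B,OU=A,<domain DN>
' Returns "" for the root itself or for any path outside the root.
Function FolderPathToOU(strRoot, strPicked, strDomainDN)
    Dim strPrefix, arrParts, i, strDN
    FolderPathToOU = ""
    strPrefix = strRoot & "\"
    If Len(strPicked) <= Len(strPrefix) Then Exit Function
    If StrComp(Left(strPicked, Len(strPrefix)), strPrefix, vbTextCompare) <> 0 Then
        Exit Function
    End If
    arrParts = Split(Mid(strPicked, Len(strPrefix) + 1), "\")
    strDN = ""
    ' The deepest folder becomes the leftmost RDN.
    For i = UBound(arrParts) To 0 Step -1
        If arrParts(i) = "" Or arrParts(i) = "." Or arrParts(i) = ".." Then
            Exit Function
        End If
        strDN = strDN & "OU=" & EscapeDnValue(arrParts(i)) & ","
    Next
    FolderPathToOU = strDN & strDomainDN
End Function

' True when the folder has no subfolders, i.e. it stands for a lowest-level OU.
' Touches the file system, so the offline demo below does not call it.
Function IsLeafFolder(strPath)
    Dim fso
    Set fso = CreateObject("Scripting.FileSystemObject")
    IsLeafFolder = False
    If fso.FolderExists(strPath) Then
        IsLeafFolder = (fso.GetFolder(strPath).SubFolders.Count = 0)
    End If
End Function

' Demo on constructed paths; runs offline with cscript.
Dim strRoot, arrPicks, strPick
strRoot = "\\fileserver\helpdesk$\JoinDomain\example.com"
arrPicks = Array(strRoot & "\Suzhou\Workstations\Laptops", _
                 strRoot & "\Suzhou\Servers\Physical Servers", _
                 strRoot, _
                 "C:\Windows\Temp")
For Each strPick In arrPicks
    WScript.Echo strPick & " -> [" & _
        FolderPathToOU(strRoot, strPick, "DC=example,DC=com") & "]"
Next
```

In the selection loop, a pick would be accepted only when IsLeafFolder(objPath) is true and FolderPathToOU returns a non-empty string; anything else sets KK = 1 and asks again.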
