Hi,
I am looking for a script to copy the Group Membership of one system to another in AD from a system which is not connected to domain, below is the script which i wrote but getting error " Could not find the Name or Insufficient Rights to see Name, at this stage "objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer2 & "$"
"
please help
Basically what the script does is it will prompt for Old computer name for Source & new computer for destination & it will create a computer account & copy the group membership from source to destination computer.
Option Explicit
Dim strComputer1, strComputer2, strDomain, strOU, intAnswer, objNS, objRootDSE, objContainer
Dim strUser, strPassword, objTrans, strComputerDN, strServer, objComputer, objClone
strOU = "OU=Workstations ,"
Do
strComputer1 = InputBox("Please enter the Old Computer Name to Get Group Membership:")
If strComputer1 <> "" Then
Exit Do
Else
msgbox "Old Computer Name Is Required", vbCritical
End If
Loop
'WScript.Echo "ComputerName: " & strComputer1
Do
strComputer2 = InputBox("Please enter the New Computer Name to append Group Membership:")
If strComputer2 <> "" Then
Exit Do
Else
msgbox "New Computer Name Is Required", vbCritical
End If
Loop
'WScript.Echo "ComputerName: " & strComputer2
' Specify user name and password.
strUser = "administrator"
strPassword = "Passw0rd"
' Specify Domain Controller.
strServer = "AD"
' Retrieve NetBIOS name of the domain.
strDomain = "TEST.COM"
Const ADS_SECURE_AUTHENTICATION = &h0001
Const ADS_SERVER_BIND = &h0200
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Set objNS = GetObject("LDAP:")
Set objRootDSE = objNS.OpenDSObject("LDAP://ad.test.com", _
strUser, strPassword, _
ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
Set objContainer = objNS.OpenDSObject("LDAP://ad.test.com/OU=Workstations,dc=test,dc=com", _
strUser, strPassword, _
ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer2)
objComputer.Put "sAMAccountName", strComputer2 & "$"
objComputer.Put "userAccountControl", _
ADS_SECURE_AUTHENTICATION Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo
' Constants required for name translate
Const ADS_NAME_INITTYPE_DOMAIN = 1
Const ADS_NAME_INITTYPE_SERVER = 2
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
wscript.echo "Computer1: " & strComputer1
wscript.echo "Computer2: " & strComputer2
' Call function to return the distinguished name (DN) of the computer
strComputerDN1 = getComputerDN(strComputer1,strDomain)
strComputerDN2= getComputerDN(strComputer2,strDomain)
WScript.Echo "ComputerDN1: " & strComputerDN1
WScript.Echo "ComputerDN2: " & strComputerDN2
function getComputerDN(strComputer, strDomain)
'Use NameTranslate to convert NT name into DN.
Set objTrans = CreateObject("NameTranslate")
' Initialize by specifying Domain Controller. Specify credentials.
objTrans.InitEx ADS_NAME_INITTYPE_DOMAIN, strDomain, strUser, strDomain, strPassword
' Use Set method to specify NT format of name.
' Be sure to append the "$" to the NetBIOS name of the computer.
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer2 & "$"
strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Use NameTranslate to convert NT name into DN.
Set objTrans = CreateObject("NameTranslate")
' Initialize by specifying Domain Controller. Specify credentials.
objTrans.InitEx ADS_NAME_INITTYPE_DOMAIN, strDomain, strUser, strDomain, strPassword
' Use Set method to specify NT format of name.
' Be sure to append the "$" to the NetBIOS name of the computer.
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer1 & "$"
strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)
End Function
'Bind to clone user object.
Set objClone = GetObject("LDAP://ad.test.com" & "/" & strComputerDN1)
' Bind to new user object.
Set objComputer = GetObject("LDAP://ad.test.com" & "/" & strComputerDN2)
' Enumerate direct group memberships of clone user.
For Each objGroup in objClone.Groups
' Check if new user already a member.
If (objGroup.IsMember(objComputer.AdsPath) = False) Then
' Add new user to the group.
objGroup.Add(objComputer.AdsPath)
End If
Next