RODC環境でドメインに参加させるスクリプト

RODC環境でドメインに参加するためのスクリプト

実行書式は以下の通り。/readonly を忘れずに。

c:\> joindomain.vbs /domain <domainname> /machinepassword <事前に設定したコンピューターのパスワード> /readonly

----------------------------------------------------------------------------------------- 

' JoinScript.vbs
'
'     Script to join a computer to a domain.
'    
'
'

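' Usage
'
'     Prints the command line synopsis and the scenario examples, then
'     exits with -1. Called for an explicit help request or when no
'     arguments are given. The /disable, /dc and /ou flags were described
'     in the option list but missing from the synopsis line; they are
'     listed there now, and "[user" / "a an unsecure" are corrected.
'
sub Usage
   wscript.echo " |------------------------------------------------|"
   wscript.echo " |   Joins a computer to a domain or workgroup    |"
   wscript.echo " |------------------------------------------------|"
   wscript.echo ""
   wscript.echo "Usage: "
   wscript.echo " cscript JoinScript.vbs [/domain <domainname> | /workgroup <workgroupname>]"
   wscript.echo "                        [/unjoin] [/disable] [/user <username>] [/password <password>]"
   wscript.echo "                        [/machinepassword <password>] [/readonly] [/createaccount]"
   wscript.echo "                        [/unsecure] [/dc <dcname>] [/ou <ou>]"
   wscript.echo ""
   wscript.echo "domain           Specifies the name of a domain to join"
   wscript.echo "                 This option requires user, password"
   wscript.echo ""
   wscript.echo "workgroup        Specifies the name of a workgroup to join"
   wscript.echo ""
   wscript.echo "unjoin           Unjoin from a domain if currently joined."
   wscript.echo ""
   wscript.echo "disable          Disable the account when unjoining the domain."
   wscript.echo "                 This option requires unjoin, user, and password."
   wscript.echo ""
   wscript.echo "createaccount    Specifies to create the computer account in AD"
   wscript.echo ""
   wscript.echo "machinepassword  Specifies a password which is used to"
   wscript.echo "                 authenticate as the machine account to the DC"
   wscript.echo ""
   wscript.echo "readonly         Specifies the domain join will be read only"
   wscript.echo "                 and will not require a writable DC. This option"
   wscript.echo "                 requires machinepassword and that an Administrator"
   wscript.echo "                 has pre-created the computer account and set a"
   wscript.echo "                 password matching the machinepassword parameter."
   wscript.echo ""
   wscript.echo "DC               Specifies a DC to use during domain join."
   wscript.echo "                 If readonly is specified this is mandatory, otherwise optional."
   wscript.echo ""
   wscript.echo "OU               Specifies an OU where the machine account is created, this is optional."
   wscript.echo ""
   wscript.echo ""
   wscript.echo "Unsecure         Specifies an unsecure domain join."
   wscript.echo ""
   wscript.echo " |------------------------------------------------|"
   wscript.echo " |Examples: Run 'cscript JoinScript.vbs <args>'   |"
   wscript.echo " |          <args>: Choose a scenario below       |"
   wscript.echo " | * Note lines have been wrapped for readability |"
   wscript.echo " |------------------------------------------------|"
   wscript.echo ""
   wscript.echo "  Join domain: /domain <domainname> /user <username>"
   wscript.echo "               /password <password> /createaccount"
   wscript.echo ""
   wscript.echo "  Join domain with existing account: /domain <domainname>"
   wscript.echo "                                     /user <username>"
   wscript.echo "                                     /password <password>"
   wscript.echo ""
   wscript.echo "  Unjoin from a domain: /unjoin /user <username> /password <password>"
   wscript.echo "                        "
   wscript.echo ""
   wscript.echo "  Read Only join domain: /domain <domainname> /machinepassword <password>"
   wscript.echo "                         /dc <rodcname> /readonly"
   wscript.echo ""
   wscript.echo "  Join workgroup: /workgroup <workgroupname>"
   wscript.echo ""
   wscript.echo ""
   ' Non-zero exit so a caller that scripted this can tell help/abort from success
   wscript.quit -1
end sub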

'
' Get the command line arguments
'
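Set Args = Wscript.Arguments

' Validation and Usage
'
' With no arguments, or when the first argument is an explicit help
' request, print the usage text and exit (Usage quits with -1).
' The former nested "Args.Count < 1" test inside the "Args.Count > 0"
' branch could never be true and has been dropped.
if Args.Count = 0 then
   wscript.echo "Help Requested"
   wscript.echo ""
   Usage
elseif Args(0) = "/?" or Args(0) = "-?" or Args(0) = "help" then
   ' Args(0) is only evaluated here because Count > 0 on this branch
   wscript.echo "Help Requested"
   wscript.echo ""
   Usage
end if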

' NetJoinDomain flags
' Bit flags combined into "Options" and passed to the WMI
' JoinDomainOrWorkGroup / UnjoinDomainOrWorkGroup calls below.
' Only the ones marked "used" are set by this script's argument parser.
Const NETSETUP_JOIN_DOMAIN = 1            ' used: /domain  - join a domain rather than a workgroup
Const NETSETUP_ACCT_CREATE = 2            ' used: /createaccount - create the computer account during the join
Const NETSETUP_ACCT_DELETE = 4            ' used: /disable - disable the computer account when unjoining
Const NETSETUP_WIN9X_UPGRADE = 16         ' not used by this script
Const NETSETUP_DOMAIN_JOIN_IF_JOINED = 32 ' not used by this script
Const NETSETUP_JOIN_UNSECURE = 64         ' used: /unsecure - unsecure join
Const NETSETUP_MACHINE_PWD_PASSED = 128   ' used: /machinepassword - the password given is the machine account password
Const NETSETUP_DEFER_SPN_SET = 256        ' not used by this script
Const NETSETUP_JOIN_READONLY = 2048       ' used: /readonly - read-only (RODC) join, requires the machine password
Const NETSETUP_INSTALL_INVOCATION = 262144 ' not used by this script

' Local state to track limited parameter validation
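' Bit mask handed to the join/unjoin API; built up by the parser below
Options = 0

' 0/1 flags recording which switches were seen, for cross-parameter checks
ReadOnly = 0
Unsecure = 0
JoinWorkgroup = 0
UnjoinDomain = 0
MachinePassword = 0
' Disable was previously never initialised (it only became 1 when /disable
' was given and relied on VBScript's Empty comparing unequal to 1).
Disable = 0

' Inputs for the join call
strDC = ""
strOU = ""
strDomainName = ""
strDomainNameAndDC = ""
' strPassword holds either the user password or the machine account
' password; it is never echoed by this script.
strPassword = ""
strUserName = ""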

' Collect parameters
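' Walk the argument list. Switches are matched case-insensitively (the
' previous code compared two fixed spellings each). Switches that take a
' value consume the following argument, and a value switch given as the
' last argument is reported instead of raising "Subscript out of range".
' Flags are OR-ed into Options so a repeated switch does not add its bit
' twice. /unjoin takes no value and no longer skips the argument after it
' (it used to advance ArgNum, which silently dropped a following /user).
' Note that /password and /machinepassword are supplied on the command
' line and are therefore visible to other local processes and in shell
' history; the script itself never echoes them.
ArgNum = 0

do while ArgNum < Args.Count

   strArg = LCase(Args(ArgNum))

   ' Switches that require a value
   select case strArg
      case "/domain", "/user", "/password", "/machinepassword", "/workgroup", "/dc", "/ou"
         if ArgNum + 1 >= Args.Count then
            wscript.echo "Error: " & Args(ArgNum) & " requires a value"
            wscript.echo ""
            Usage
         end if
   end select

   select case strArg

      case "/domain"
         strDomainName = Args(ArgNum+1)
         Options = Options Or NETSETUP_JOIN_DOMAIN
         ArgNum = ArgNum + 1

      case "/user"
         strUserName = Args(ArgNum+1)
         ArgNum = ArgNum + 1

      case "/password"
         strPassword = Args(ArgNum+1)
         ArgNum = ArgNum + 1

      case "/machinepassword"
         ' Same strPassword slot as /password; the flag tells the join API
         ' to treat it as the machine account password
         strPassword = Args(ArgNum+1)
         MachinePassword = 1
         Options = Options Or NETSETUP_MACHINE_PWD_PASSED
         ArgNum = ArgNum + 1

      case "/readonly"
         Options = Options Or NETSETUP_JOIN_READONLY
         ReadOnly = 1

      case "/unsecure"
         Options = Options Or NETSETUP_JOIN_UNSECURE
         Unsecure = 1

      case "/workgroup"
         JoinWorkgroup = 1
         strDomainName = Args(ArgNum+1)
         ArgNum = ArgNum + 1

      case "/dc"
         strDC = Args(ArgNum+1)
         ArgNum = ArgNum + 1

      case "/ou"
         strOU = Args(ArgNum+1)
         ArgNum = ArgNum + 1

      case "/unjoin"
         UnjoinDomain = 1

      case "/disable"
         Disable = 1
         Options = Options Or NETSETUP_ACCT_DELETE

      case "/createaccount"
         Options = Options Or NETSETUP_ACCT_CREATE

      case else
         ' Unknown arguments were silently ignored before; keep that
         ' behaviour but say so, as a typo in a switch name is otherwise invisible
         wscript.echo "Warning: ignoring unrecognised argument " & Args(ArgNum)

   end select

   ArgNum = ArgNum + 1

loop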

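' Error reporting
'
' Cross-parameter validation. The usage text states that a read-only
' join requires a machine password and that /dc is mandatory when
' /readonly is given. A missing machine password is fatal; a missing DC
' is only reported, so invocations that omit it keep working unchanged.
if ReadOnly = 1 then
   if MachinePassword = 0 then
      wscript.echo "ReadOnly requires MachinePassword"
      wscript.quit(-1)
   end if
   if strDC = "" then
      wscript.echo "Warning: /readonly given without /dc; the usage text expects a DC to be specified"
   end if
end if

' /disable maps to NETSETUP_ACCT_DELETE and only makes sense when unjoining
if Disable = 1 and UnjoinDomain = 0 then
   wscript.echo "Disable is only valid with the unjoin option"
   wscript.quit(-1)
end if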

' The username is optional and may need to be NULL when passed to the join API below
' The user name is optional; when it was not given the join API below is
' passed NULL rather than an empty string.
if strUserName = "" then
   optionAux = NULL
else
   optionAux = strUserName
end if

' Likewise for the optional OU.
if strOU = "" then
   optionOU = NULL
else
   optionOU = strOU
end if

' When a DC was specified the target is passed to the join API as "domain\dc".
strDomainNameAndDC = strDomainName
if strDC <> "" then strDomainNameAndDC = strDomainName & "\" & strDC

' Show the target being joined (never the password).
wscript.echo strDomainNameAndDC

' Bind to this computer's Win32_ComputerSystem instance through WMI.
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
strWmiPath = "winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'"
Set objComputer = GetObject(strWmiPath)

' Perform the join or unjoin. Both calls get the same password slot and the
' Options bit mask assembled by the argument parser; the join additionally
' receives the "domain\dc" target and the optional OU.
if UnjoinDomain = 1 then
   ReturnValue = objComputer.UnjoinDomainOrWorkGroup(strPassword, optionAux, Options)
else
   ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomainNameAndDC, strPassword, optionAux, optionOU, Options)
end if

' Report success messages
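' Report the outcome and exit with a code a caller can act on. The
' previous version fell through on failure, so a failed join still exited
' with status 0 and automation could not tell the two apart.
if ReturnValue = 0 then
   ' Workgroup is checked first, as before, so it wins if both were set
   if JoinWorkgroup = 1 then
      wscript.echo "Welcome to the workgroup: " & strDomainName
   elseif UnjoinDomain = 1 then
      wscript.echo "The machine was unjoined from the domain."
   else
      wscript.echo "Welcome to the domain: " & strDomainName
   end if
   wscript.quit(0)
else
   ' ReturnValue is the code returned by the WMI method; surface it as the
   ' exit status so the failure is visible to whatever launched the script.
   wscript.echo "Error: " & ReturnValue
   wscript.quit(ReturnValue)
end if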