RODC環境でドメインに参加させるスクリプト
RODC環境でドメインに参加するためのスクリプト
実行書式は以下の通り。/readonly を忘れずに。
c:\> joindomain.vbs /domain <domainname> /machinepassword <事前に設定したコンピューターのパスワード> /readonly
-----------------------------------------------------------------------------------------
' JoinScript.vbs
'
' Script to join a computer to a domain.
'
'
'
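' Usage
'
' Prints the help text for every supported switch, followed by worked
' examples, and then terminates the script with exit code -1.
' The synopsis lists the /user, /disable, /dc and /ou switches that the
' argument parser in this file accepts.
sub Usage
    wscript.echo " |------------------------------------------------|"
    wscript.echo " | Joins a computer to a domain or workgroup |"
    wscript.echo " |------------------------------------------------|"
    wscript.echo ""
    wscript.echo "Usage: "
    wscript.echo " cscript JoinScript.vbs [/domain <domainname> | /workgroup <workgroupname>]"
    wscript.echo " [/unjoin] [/disable] [/user <username>] [/password <password>]"
    wscript.echo " [/machinepassword <password>] [/readonly] [/createaccount]"
    wscript.echo " [/dc <dcname>] [/ou <ou>] [/unsecure]"
    wscript.echo ""
    wscript.echo "domain Specifies the name of a domain to join"
    wscript.echo " This option requires user, password"
    wscript.echo ""
    wscript.echo "workgroup Specifies the name of a workgroup to join"
    wscript.echo ""
    wscript.echo "unjoin Unjoin from a domain if currently joined."
    wscript.echo ""
    wscript.echo "disable Disable the account when unjoining the domain."
    wscript.echo " This option requires unjoin, user, and password."
    wscript.echo ""
    wscript.echo "createaccount Specifies to create the computer account in AD"
    wscript.echo ""
    wscript.echo "machinepassword Specifies a password which is used to"
    wscript.echo " authenticate as the machine account to the DC"
    wscript.echo ""
    wscript.echo "readonly Specifies the domain join will be read only"
    wscript.echo " and will not require a writable DC. This option"
    wscript.echo " requires machinepassword and that an Administrator"
    wscript.echo " has pre-created the computer account and set a"
    wscript.echo " password matching the machinepassword parameter."
    wscript.echo ""
    wscript.echo "DC Specifies a DC to use during domain join."
    wscript.echo " If readonly is specified this is mandatory, otherwise optional."
    wscript.echo ""
    wscript.echo "OU Specifies an OU where the machine account is created, this is optional."
    wscript.echo ""
    wscript.echo ""
    wscript.echo "Unsecure Specifies an unsecure domain join."
    wscript.echo ""
    wscript.echo " |------------------------------------------------|"
    wscript.echo " |Examples: Run 'cscript JoinScript.vbs <args>' |"
    wscript.echo " | <args>: Choose a scenario below |"
    wscript.echo " | * Note lines have been wrapped for readability |"
    wscript.echo " |------------------------------------------------|"
    wscript.echo ""
    wscript.echo " Join domain: /domain <domainname> /user <username>"
    wscript.echo " /password <password> /createaccount"
    wscript.echo ""
    wscript.echo " Join domain with existing account: /domain <domainname>"
    wscript.echo " /user <username>"
    wscript.echo " /password <password>"
    wscript.echo ""
    wscript.echo " Unjoin from a domain: /unjoin /user <username> /password <password>"
    wscript.echo " "
    wscript.echo ""
    wscript.echo " Read Only join domain: /domain <domainname> /machinepassword <password>"
    wscript.echo " /dc <rodcname> /readonly"
    wscript.echo ""
    wscript.echo " Join workgroup: /workgroup <workgroupname>"
    wscript.echo ""
    wscript.echo ""
    ' Help output always ends the run with a non-zero exit code.
    wscript.quit -1
end sub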
'
' Get the command line arguments
'
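' Fetch the command line and decide whether help was requested.
' Help is shown when no arguments are given, or when the first argument is
' "/?", "-?" or "help" (the word is matched case-insensitively).
' Usage echoes the help text and quits with -1, so nothing below runs
' once it has been called.
Set Args = Wscript.Arguments
ShowHelp = False
if Args.Count = 0 then
    ShowHelp = True
elseif Args(0) = "/?" or Args(0) = "-?" or LCase(Args(0)) = "help" then
    ShowHelp = True
end if
if ShowHelp then
    wscript.echo "Help Requested"
    wscript.echo ""
    Usage
end if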
' NetJoinDomain option flags. Each value is a single bit, written in hex so
' the bit position is visible; the script combines them into Options.
Const NETSETUP_JOIN_DOMAIN = &H1               ' set by /domain
Const NETSETUP_ACCT_CREATE = &H2               ' set by /createaccount
Const NETSETUP_ACCT_DELETE = &H4               ' set by /disable (unjoin)
Const NETSETUP_WIN9X_UPGRADE = &H10
Const NETSETUP_DOMAIN_JOIN_IF_JOINED = &H20
Const NETSETUP_JOIN_UNSECURE = &H40            ' set by /unsecure
Const NETSETUP_MACHINE_PWD_PASSED = &H80       ' set by /machinepassword: the password is the machine account's
Const NETSETUP_DEFER_SPN_SET = &H100
Const NETSETUP_JOIN_READONLY = &H800           ' set by /readonly: join against a pre-created account, no writable DC needed
Const NETSETUP_INSTALL_INVOCATION = &H40000
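' Local state to track limited parameter validation.
' Options accumulates the NETSETUP_* bits handed to the join/unjoin call;
' the remaining names are 0/1 flags recording which switches were seen.
Options = 0
ReadOnly = 0
Unsecure = 0
JoinWorkgroup = 0
UnjoinDomain = 0
MachinePassword = 0
' Disable is set by /disable and read by the validation step, so it is
' initialised here together with the other flags.
Disable = 0
' Inputs for the join call.
strDC = ""
strOU = ""
strDomainName = ""
strDomainNameAndDC = ""
' strPassword receives the value of /password or /machinepassword,
' whichever appears last on the command line.
strPassword = ""
strUserName = ""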
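' Collect parameters.
'
' Switch names are matched case-insensitively. A switch that takes a value
' consumes the next argument, and that value is never re-examined as a
' switch, so a password or name that happens to look like a switch cannot
' change the join options. A value-taking switch given as the last argument
' is reported instead of failing with a subscript error. /unjoin takes no
' value and no longer swallows the argument that follows it. Flags are
' combined with Or so that repeating a switch cannot corrupt Options.
ArgNum = 0
do while ArgNum < Args.Count
    strSwitch = LCase(Args(ArgNum))
    strValue = ""
    ' Step 1: for switches that take a value, fetch it with a bounds check.
    select case strSwitch
        case "/domain", "/user", "/password", "/machinepassword", "/workgroup", "/dc", "/ou"
            if ArgNum + 1 >= Args.Count then
                ' Only the switch name is echoed here, never a value.
                wscript.echo "Missing value for " & Args(ArgNum)
                wscript.quit(-1)
            end if
            ArgNum = ArgNum + 1
            strValue = Args(ArgNum)
    end select
    ' Step 2: record the switch.
    select case strSwitch
        case "/domain"
            strDomainName = strValue
            Options = Options Or NETSETUP_JOIN_DOMAIN
        case "/user"
            strUserName = strValue
        case "/password"
            strPassword = strValue
        case "/machinepassword"
            ' The password is the pre-created machine account's password.
            strPassword = strValue
            MachinePassword = 1
            Options = Options Or NETSETUP_MACHINE_PWD_PASSED
        case "/readonly"
            Options = Options Or NETSETUP_JOIN_READONLY
            ReadOnly = 1
        case "/unsecure"
            Options = Options Or NETSETUP_JOIN_UNSECURE
            Unsecure = 1
        case "/workgroup"
            JoinWorkgroup = 1
            strDomainName = strValue
        case "/dc"
            strDC = strValue
        case "/ou"
            strOU = strValue
        case "/unjoin"
            UnjoinDomain = 1
        case "/disable"
            Disable = 1
            Options = Options Or NETSETUP_ACCT_DELETE
        case "/createaccount"
            Options = Options Or NETSETUP_ACCT_CREATE
        case else
            ' Unknown arguments are still skipped, but the skip is reported.
            ' Only the position is printed: a mistyped switch can leave a
            ' password sitting in this slot, and it must not be echoed.
            wscript.echo "Ignoring unrecognized argument at position " & (ArgNum + 1)
    end select
    ArgNum = ArgNum + 1
loop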
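' Error reporting: reject switch combinations that cannot work before the
' join/unjoin call is attempted. Each failure echoes a message and exits -1.

' A read-only join authenticates with the pre-created machine account, so
' its password must have been supplied.
' NOTE(review): the help text also calls /dc mandatory with /readonly, but
' that is not enforced here - confirm whether it should be.
if ReadOnly = 1 and MachinePassword = 0 then
    wscript.echo "ReadOnly requires MachinePassword"
    wscript.quit(-1)
end if
if Disable = 1 and UnjoinDomain = 0 then
    wscript.echo "Disable is only valid with the unjoin option"
    wscript.quit(-1)
end if
' A join needs a target; without /domain or /workgroup the join call would
' be made with an empty name.
if UnjoinDomain = 0 and strDomainName = "" then
    wscript.echo "A domain or workgroup name is required"
    wscript.quit(-1)
end if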
' Prepare the arguments for the WMI call.
' The user name and the OU are optional; an empty string is passed as NULL.
if strUserName = "" then
    optionAux = NULL
else
    optionAux = strUserName
end if
if strOU = "" then
    optionOU = NULL
else
    optionOU = strOU
end if
' When a DC was named, the target is passed as "<domain>\<dc>".
strDomainNameAndDC = strDomainName
if strDC <> "" then strDomainNameAndDC = strDomainName & "\" & strDC
wscript.echo strDomainNameAndDC
' Bind to the local machine's Win32_ComputerSystem instance.
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
strMoniker = "winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'"
Set objComputer = GetObject(strMoniker)
' Perform the join/unjoin operation.
' strPassword arrived as a cleartext command-line argument, so it can be
' captured wherever process command lines are recorded; it is deliberately
' never echoed by this script.
if UnjoinDomain <> 1 then
    ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomainNameAndDC, strPassword, optionAux, optionOU, Options)
else
    ReturnValue = objComputer.UnjoinDomainOrWorkGroup(strPassword, optionAux, Options)
end if
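' Report the outcome and set the exit code.
' A return value of 0 is treated as success and the script exits with 0.
' Any other value is echoed and the script exits with -1, so a calling
' batch file or deployment tool can detect a failed join/unjoin instead of
' seeing exit code 0.
if ReturnValue = 0 then
    if JoinWorkgroup = 1 then
        wscript.echo "Welcome to the workgroup: " & strDomainName
    elseif UnjoinDomain = 1 then
        wscript.echo "The machine was unjoined from the domain."
    else
        wscript.echo "Welcome to the domain: " & strDomainName
    end if
    wscript.quit(0)
else
    wscript.echo "Error: " & ReturnValue
    wscript.quit(-1)
end if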