Monday, August 4, 2008

Add Domin Admins To Local Admins

Issue:
Add Domain Adimins to workstation local admins group via script.


Quick:
Here is a link to a blog talking about this issue


Visual /Learning:
------Text From the Link at netnerds.net-------
In order for Active Directory Migration Tool (ADMT) to install its Agent on a newly migrated computer, the user running the ADMT tool must have local Administrator access. Otherwise, the error log shows something similar to the following:

WRN1:7290 Processor architecture for machine \NT4MACHINE is unknown, Error accessing registry key SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5 Access is denied.Failed to install agent on \NT4MACHINE, rc=5 Access is denied. Unable to access ADMIN$ share on the machine 'NT4MACHINE'. Make sure the share exists and the account running ADMT is a member of local administrators group on the machine 'NT4MACHINE'. hr=0x80070005. Access is denied.

Here is a basic script that will go through each of the Windows workstations on the old domain and add the new domain's "Domain Admins" group to the workstation's local Administrators group. If the machine is a Windows Server OS, it will be ignored. Change the newDomain and oldDomain variables to match your network.

newDomain = "NEW2K3"
oldDomain = "OLDNT4"

Set objADGroup = GetObject("WinNT://" & newDomain & "/Domain Admins,group")
Set objOldDomain = GetObject("WinNT://" & oldDomain)
objOldDomain.Filter = Array("Computer")
For Each Computer In objOldDomain
strComputer = Computer.Name
Set objWMIService = GetObject("winmgmts:" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery ("SELECT * FROM Win32_OperatingSystem")
For Each objOperatingSystem in colSettings
If InStr(UCase(objOperatingSystem.Name),"SERVER") = 0 Then
Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")objLocalGroup.Add(objADGroup.AdsPath)
Set objLocalGroup = Nothing
End IfNextSet colSettings = Nothing
Set objWMIService = Nothing
Next
Set objADGroup = Nothing

------End Text From Link ------
Posted by Jimmy at 1:50 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)