Search AD for user and add to local administrators

Mar 25, 2010 at 10:59 AM

Hi,

I have been looking for a way to add a domain user to the local administrator group in MDT.

At the moment I use a batch script that runs after litetouch completion and searches tthrough dsquery.exe.

Is there a way to incorporrate it in the Frontend? A search function that finds a user in the active directory and adds username, and additional information to the database.

 

Coordinator
Mar 25, 2010 at 11:11 AM

Can you give me a bit more information on how you query for the users added to the local admins group? Do they have an attribute or something that identifies them as local admins on specific computers?

I`m playing around with some search functionality to ease selection of AD OUs. So might be worth thinking about a more generic way.

Mar 25, 2010 at 12:11 PM

This is the code I use to search the active directory. It is actualy a commandline tool dsquery that can search the AD on any searchterm.

It than looks up the other info attached to the object(account, group,...) and filters it depending on which filter you apply. 

Here I use a predefined variable %user% and %computername%. Dsquery searches for the usercode in %user% and then filters Name, Telephone, room and usercode. and adds it to the file %computername%.tmp

@ECHO OFF
PUSHD %~dp0
ECHO      Deleting 'guest' account from 'guests' group...
net localgroup guests guest /delete 2>NUL
:retry
SET user=
SET /P user=     Username to add to local Administrator group (Enter to skip): 
IF "%user%VOID" EQU "VOID" (
ECHO      No user name entered, skipped.
ECHO.
GOTO continue
)
CALL _get_user_information.bat
ECHO Name:      %Name%
ECHO Telephone: %Telephone%
ECHO Room:      %Room%
ECHO Usercode:  %Usercode%
ECHO.
SET /P choice=     Is this the correct user? (y/n) (Enter for 'y'):
IF "%choice%VOID" NEQ "VOID" (
goto bla
)
SET choice=y
:bla
IF "%choice%" NEQ "y" (
goto retry
)
net localgroup administrators TUE\%user% /add
:continue
POPD

Determening wich user is to be added to the local admin group is done by hand, either by asking the person or searching a database we have.

 

@ECHO OFF
PUSHD %~dp0

IF NOT EXIST c:\temp MD c:\temp

Programs\dsquery * -filter ((sAMAccountName=%user%*)) -attr cn -q >c:\temp\%computername%.tmp
FOR /F "Tokens=*" %%I IN (c:\temp\%computername%.tmp) DO SET Name=%%I

Programs\dsquery * -filter ((sAMAccountName=%user%*)) -attr telephoneNumber -q >c:\temp\%computername%.tmp
FOR /F "Tokens=*" %%I IN (c:\temp\%computername%.tmp) DO SET Telephone=%%I

Programs\dsquery * -filter ((sAMAccountName=%user%*)) -attr physicalDeliveryOfficeName -q >c:\temp\%computername%.tmp
FOR /F "Tokens=*" %%I IN (c:\temp\%computername%.tmp) DO SET Room=%%I

Programs\dsquery * -filter ((sAMAccountName=%user%*)) -attr sAMAccountName -q >c:\temp\%computername%.tmp
FOR /F "Tokens=*" %%I IN (c:\temp\%computername%.tmp) DO SET Usercode=%%I