如何以编程方式(使用 .NET)将计算机添加到域?
我需要编写一个程序或脚本,以便在 Windows 安装后对服务器执行一些操作。其中包括将服务器添加到域中。
有没有办法以编程方式或使用脚本命令来执行此操作?
I need to write a program or script that does a few things with (or to) a server after a Windows install. Among those is adding the server to a domain.
Is there a way to do this programmatically or using a script command?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您想从域控制器执行此操作:
来源:
net computer \\computername /add
如果您想从工作站执行此操作:
来源:
NETDOM JOIN /DOMAIN:[DOMAINNAME] /USERD:[USERNAME] /PASSWORDD:[PASSWORD]
If you want to do it from the Domain Controller:
Source:
net computer \\computername /add
If you want to do it from the workstation:
Source:
NETDOM JOIN /DOMAIN:[DOMAINNAME] /USERD:[USERNAME] /PASSWORDD:[PASSWORD]
如果你写一个程序,这并不容易,但这是可能的,你可以找到相应的代码示例。
首先,您应该在域中创建计算机帐户。为此,您可以使用 NetUserAdd 函数。您可以在 http:// 下找到相应的代码示例msdn.microsoft.com/en-us/library/aa370254%28VS.85%29.aspx。如果您已在相应目标 OU 的 Active Directory 中(以任何方式)创建了新的计算机帐户,则可以跳过此步骤。您只需了解该帐户的密码(密码将根据计算机名称构造,详细信息请参阅代码示例)。
接下来,您应该获取要添加计算机的域的 SID,最后您应该使用所谓的 LSA API 使所有工作在本地与
LsaSetTrustedDomainInformation
相关。您可以在 http://support.microsoft.com/kb/145697。
如果您确实必须在域中创建计算机帐户,请注意您始终使用同一个域控制器。否则,您可能会遇到小问题,直到新帐户将被复制到您使用的下一个域控制器(一个带有重试的小等待循环就足够了)。
PS 如果您在实施时遇到一些问题,您可以向我询问有关此主题的其他问题。
It is not easy if you write a program, but it is possible and you can find corresponding code examples.
First of all you should create computer account in the domain. To do this you can use
NetUserAdd
function. The corresponding code example you will find under http://msdn.microsoft.com/en-us/library/aa370254%28VS.85%29.aspx. If you have a new computer account already created in Active Directory (in any way) in the corresponding destination OU you can skip the step. You must only understand, which password have this account (the password will be constructed based on the computer name, see code example for details).Next you should get SID of Domain to which you add computer, and at the end you should use so-named LSA API to make all work locally with respect of
LsaSetTrustedDomainInformation
.The corresponding code example you can find in http://support.microsoft.com/kb/145697.
If you do have to create a omputer account in the domain, be careful that you all time works with the same domain controller. Otherwise you can have small problem till the new account will be replicated to the next domain controller which you use (a small waiting loop with retries can be sufficient).
P.S. If you receive some problems with the implementation you can ask me additional question about this subject.