<WriteActionModuleType ID="SCE_Add_ManagedComputerWA" Accessibility="Internal" Batching="false">
<Configuration/>
<ModuleImplementation>
<Composite>
<MemberModules>
<WriteAction ID="WA" TypeID="Windows!Microsoft.Windows.ScriptWriteAction">
<ScriptName>SCE_Add_ManagedComputer.vbs</ScriptName>
<Arguments>$Data/Params/Param[1]$ $Target/ManagementGroup/Name$</Arguments>
<ScriptBody><Script>
'*************************************************************************
' Script Name - Add a computer to AD security group
'
' Purpose - Adds given comptuer to AD security group
'
' Assumptions - Script is triggered by a agent approval event.
'
' Parameters - If run from a command line, the first argument is the
' computer name to add.
'
' (c) Copyright 2006, Microsoft Corporation, All Rights Reserved
' Proprietary and confidential to Microsoft Corporation
'*************************************************************************
Option Explicit
SetLocale("en-us")
Dim strGroupDN, strDN, strCompName, strSGName
Dim objRootDSE, objADGroup, oParams, oAPI, objConnection, objCommand, objRecordSet
On Error Resume Next
Set objRootDSE = GetObject("LDAP://rootDSE")
If objRootDSE is Nothing Then
ScriptError "failed to get rootDSE. " & _
GetErrorString(Err)
End If
Set oParams = WScript.Arguments
if oParams.Count < 2 Then
Wscript.quit -1
End if
strCompName = Split(oParams(0), ".", -1)
Set oAPI = CreateObject("Mom.ScriptAPI")
If oAPI is Nothing Then
ScriptError "failed to get OpsMgr Script API. " & _
GetErrorString(Err)
End If
strSGName = AD_SECURITY_GROUP_NAME_PREFIX & " (" & oParams(1) & ")"
strGroupDN = "LDAP://cn=" & strSGName & ",cn=Users," & objRootDSE.Get("defaultNamingContext")
If Err.number <> 0 Then
ScriptError "failed to get defaultNamingContext. " & _
GetErrorString(Err)
End If
Set objADGroup = GetObject(strGroupDN)
If objADGroup is Nothing Then
ScriptError "failed to get the security group '" & _
strSGName & "'." & GetErrorString(Err)
Else
Set objConnection = CreateObject("ADODB.Connection")
If objConnection is Nothing Then
ScriptError "failed to create ADODB.Connection. " & _
GetErrorString(Err)
End If
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
If objCommand is Nothing Then
ScriptError "failed to create ADODB.Command. " & _
GetErrorString(Err)
End If
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"<GC://" & objRootDSE.Get("defaultNamingContext") & ">;(&(objectCategory=computer)(dnsHostName=" & oParams(0) & "*))" & _
";distinguishedName,name;subtree"
If Err.number <> 0 Then
ScriptError "failed to get defaultNamingContext(2). " & _
GetErrorString(Err)
End If
Set objRecordSet = objCommand.Execute
strDN = objRecordSet.Fields("distinguishedName")
If Err.number <> 0 Then
' The computer could not be found in AD. This may be bcoz computer was workgroup joined computer
' In that case just keep the warning in the event log and do not show an alert to user
If Err.number = 3021 Then
CreateEvent EVENTID_SUCCESS, EVENT_TYPE_WARNING, "The script '" & SCRIPT_NAME & _
"' could not add the computer'" & strCompName(0) & _
"' to the security group: " & _
strSGName & " because it could not find its entry in Active Directory." &_
" The computer may be workgroup joined computer. AD returned error: " & GetErrorString(Err)
WScript.Quit
Else
ScriptError "failed to computer '" & _
oParams(0) & "' from AD." & GetErrorString(Err)
End If
End If
' Error -2147019886 is "The object already exists." We don't want to alert if
' object already exist
If (Err.number <> 0 And Err.Number <> -2147019886) Then
ScriptError "failed to add the computer " & strCompName(0) & " to " & _
strSGName & "' security group." & GetErrorString(Err)
Else
' We can drop a success event here
CreateEvent EVENTID_SUCCESS, EVENT_TYPE_INFORMATION, "The script '" & SCRIPT_NAME & _
"' successfully added the computer'" & strCompName(0) & _
"' to the security group:" & vbCrLf & _
strSGName
End If
End If
'******************************************************************************
Sub ScriptError(strMessage)
'
' Purpose: To generate a script error message that will help the user
' clean up manually.
'
' Arguments: strMessage, the message to include in the event
'
' Returns: nothing
'
CreateEvent EVENTID_SCRIPT_ERROR, EVENT_TYPE_WARNING, "The script '" & SCRIPT_NAME & _
"' " & strMessage
WScript.Quit
End Sub
'******************************************************************************
Sub CreateEvent(lEventID, lEventType, strMessage)
'
' Purpose: To generate an event (will work when hosted either by MOM or by WSH)
'
' Arguments: lEventID, the event code
' lEventType, the severity of the event
' strMessage, the message to include in the event
'
' Returns: nothing
oAPI.LogScriptEvent SCRIPT_NAME, lEventID, lEventType, strMessage
End Sub
'******************************************************************************
Function GetErrorString(oErr)
'
' Purpose: Attempts to find the description for an error if an error with
' no description is passed in.
'
' Parameters: oErr, the error object
'
' Return: String, the description for the error. (Includes the error code.)
'
Dim lErr, strErr
lErr = oErr
strErr = oErr.Description
On Error Resume Next
If 0 >= Len(strErr) Then
' If we don't have an error description, then check to see if the error
' is a 0x8007xxxx error. If it is, then look it up.
Const ErrorMask = &HFFFF0000
Const HiWord8007 = &H80070000
Const LoWordMask = 65535 ' This is equivalent to 0x0000FFFF
If (lErr And ErrorMask) = HiWord8007 Then
' Attempt to use 'net helpmsg' to get a description for the error.
Dim oShell
Set oShell = CreateObject("WScript.Shell")
If Err = 0 Then
Dim oExec
Set oExec = oShell.Exec("net helpmsg " & (lErr And LoWordMask))
Dim strMessage, i
Do
strMessage = oExec.stdout.ReadLine()
i = i + 1
Loop While (Len(strMessage) = 0) And (i < 5)
strErr = strMessage
End If
End If
End If
GetErrorString = vbCrLf & "The error returned was: '" & strErr & "' (0x" & Hex(lErr) & ")"
End Function </Script></ScriptBody>
<TimeoutSeconds>300</TimeoutSeconds>
</WriteAction>
</MemberModules>
<Composition>
<Node ID="WA"/>
</Composition>
</Composite>
</ModuleImplementation>
<InputType>System!System.BaseData</InputType>
</WriteActionModuleType>