VBScript to Add users Security Group to local computer if Computer object is under specific OU

This VBScript adds a users security group to the local computer if the computer object is under a specific OU. For security reasons we always need to make sure that only specific security groups are administrators of specific computers. This will always be the business requirement. The script below achieves this. Include the script in the GPO and add it to the user logon script.


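Dim objNetwork
Dim computerName
Dim ou
Dim group

' Resolve the local computer name and look up its parent OU in Active Directory
Set objNetwork = CreateObject("WScript.Network")
computerName = objNetwork.ComputerName
ou = getOUByComputerName(computerName)

' Errors are suppressed from here on: group.Add raises an error when the group
' is already a member, but this also hides failures such as access denied
On Error Resume Next

' Select Case compares strings exactly (case-sensitive), so each Case must
' match the OU distinguished name as it is stored in AD
Select Case ou

    Case "OU=Computers,DC=domain,DC=com"
        Set group = GetObject("WinNT://" & computerName & "/Administrators")
        group.Add "WinNT://domain/Group"
        Err.Clear

    Case "OU=Computers1,DC=domain,DC=com"
        Set group = GetObject("WinNT://" & computerName & "/Administrators")
        group.Add "WinNT://domain/Group1"
        Err.Clear

End Select

' Returns the DN of the container holding the computer object,
' or Empty if the computer is not found
Function getOUByComputerName(ByVal computerName)
    Dim namingContext, ldapFilter, ou
    Dim cn, cmd, rs
    Dim objRootDSE

    ' Bind to RootDSE to get the domain naming context
    Set objRootDSE = GetObject("LDAP://RootDSE")
    namingContext = objRootDSE.Get("defaultNamingContext")
    Set objRootDSE = Nothing

    ' ADO query: <base>;filter;attributes;scope
    ldapFilter = "<LDAP://" & namingContext & _
        ">;(&(objectCategory=Computer)(name=" & computerName & "))" & _
        ";distinguishedName;subtree"

    Set cn = CreateObject("ADODB.Connection")
    Set cmd = CreateObject("ADODB.Command")
    cn.Open "Provider=ADsDSOObject;"
    cmd.ActiveConnection = cn
    cmd.CommandText = ldapFilter
    Set rs = cmd.Execute

    If rs.EOF <> True And rs.BOF <> True Then
        ou = rs(0)
        ' Drop the leading "CN=<computer>," to leave the parent container DN
        ou = Mid(ou, InStr(ou, ",") + 1, Len(ou) - InStr(ou, ","))
        getOUByComputerName = ou
    End If

    rs.Close
    cn.Close
End Function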

A copy of the script is always available at the link below:

http://powershell.com/cs/cfs-filesystemfile.ashx/__key/CommunityServer.Components.UserFiles/00.00.00.30.62/AddAdminfinal.txt
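
The script above only adds a group to Administrators; it never reports or removes other members. The following audit script is an added example, not part of the original script: it lists the local Administrators group and flags any member not on an allowlist. The allowlist entries and the `LastTwoSegments` helper are assumptions for illustration, and `domain` and `Group` are the placeholders used in the script above.

```vbscript
Option Explicit
' Added audit example: report local Administrators members not on an allowlist.
Dim objNetwork, computerName, allowed, group, member, key

Set objNetwork = CreateObject("WScript.Network")
computerName = objNetwork.ComputerName

' Allowlist keyed as "authority/name" (assumed entries, adjust per OU).
' CompareMode must be set while the dictionary is still empty.
Set allowed = CreateObject("Scripting.Dictionary")
allowed.CompareMode = vbTextCompare                 ' case-insensitive lookups
allowed.Add computerName & "/Administrator", True   ' built-in local account
allowed.Add "domain/Domain Admins", True            ' placeholder domain name
allowed.Add "domain/Group", True                    ' group added by the logon script

Set group = GetObject("WinNT://" & computerName & "/Administrators,group")
For Each member In group.Members
    key = LastTwoSegments(member.ADsPath)
    If allowed.Exists(key) Then
        WScript.Echo "OK         " & key
    Else
        ' Unresolved (orphaned) SIDs also land here, since they match no entry
        WScript.Echo "UNEXPECTED " & key & " (" & member.Class & ")"
    End If
Next

' Hypothetical helper: reduce a WinNT ADsPath to "authority/name".
' Domain principals look like WinNT://DOMAIN/name, local accounts like
' WinNT://DOMAIN/COMPUTER/name, so the last two segments identify both.
Function LastTwoSegments(ByVal adsPath)
    Dim parts, n
    parts = Split(Replace(adsPath, "WinNT://", "", 1, 1, vbTextCompare), "/")
    n = UBound(parts)
    If n >= 1 Then
        LastTwoSegments = parts(n - 1) & "/" & parts(n)
    ElseIf n = 0 Then
        LastTwoSegments = parts(0)
    Else
        LastTwoSegments = ""
    End If
End Function
```

Run it with `cscript //nologo` so each result is written to the console rather than shown as a message box.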