Add a Computer to an AD Group with Batch and VBScript

Comments None

This script can be run on any computer to add that computer to an AD Group. This is very helpful if you are imaging a few hundred machines and you need to add the machine to a couple of Groups and you don’t want to have to login to the DC machine and manually add in each device.

The script is made up of two parts, the first is a CMD file. This is done so that you can right-click Run As a Domain admin. It also speeds up the process if you are adding the device to more than one group. The second part is the VBScript that will actually add the device to the group.

The CMD File

The first part of the CMD file checks to see if it is being run as an Admin.

goto check_Permissions
echo Administrative permissions required. Detecting permissions…
net session >nul 2>&1
if errorLevel == 0 (
echo Success: Administrative permissions confirmed.
) else (
echo Failure: Current permissions inadequate.

‘Define the folder where the VBScripts for each group are located

‘Call the VBScripts for each group
Cscript.exe “%GROUPSOURCEDIR%GroupOne.vbs”
Cscript.exe “%GROUPSOURCEDIR%GroupTwo.vbs”

The VBScript

Here is where we actually add the computer to the group. I got this script from Jyri Lehtonen’s website.

Option Explicit
Dim objSysInfo, objComputer, strComputerDN, strLDAPofADSG
Dim objComputerGroupPath, objComputerGroup
‘ *********************************************************************************
‘ ** Configure the script
‘ ** Example LDAP path:
‘ **    “CN=Your_SecuritGroup,OU=Your_Sub_OU,OU=Your_main_OU,DC=Your_domain,DC=Your_domain_locale”
‘ *********************************************************************************
strLDAPofADSG = “CN=GroupOne,OU=Groups,OU=DHM,DC=mydomain,DC=com”
‘ *********************************************************************************
‘ Get the current computer information
Set objSysInfo = CreateObject(“ADSystemInfo”)
strComputerDN = objSysInfo.ComputerName
‘Uncomment this, to receive debug information:
‘ Get the LDAP of the current computer
Set objComputer = GetObject(“LDAP://” & strComputerDN)
‘Uncomment this, to receive debug information:
‘msgbox(“LDAP://” & strComputerDN)
‘ Set the LDAP of the security group
objComputerGroupPath = strLDAPofADSG
Set objComputerGroup = GetObject(“LDAP://” & objComputerGroupPath)
‘Uncomment this, to receive debug information:
‘msgbox(“LDAP://” & objComputerGroupPath)
‘ Add computer to group, if not already member.
If (objComputerGroup.IsMember(objComputer.AdsPath) = False) Then
End If

It took me quite a while to find a tutorial that adequately explained the process and which was also trying to do the same thing that I was. Most search results all assumed I was a Domain Admin with access to the Deployment server. Unfortunately in my current position I am just one of the grunts and I am imaging PCs from a USB disk and then joining them to the domain with a custom script. And the project I am working on requires me to also install VLC, the OWA S/MIME plugin, and then to put each machine into two AD Groups for further software deployment. Hopefully this script will cut down on the time I spend logging into the DC to add each device as it is joined to the domain.

Categories ,


There are currently no comments on this article.


Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.

← Older Newer →