Automating the Creation of Computer Objects

Importing Computers with CSVDE

You were introduced to the Comma-Separated Values Data Exchange (CSVDE) command earlier.
CSVDE is a command-line tool that imports or exports Active Directory objects from or to a comma-delimited text file (also known as a comma-separated value text file, or .csv file).
The basic syntax of the CSVDE command is:
csvde [-i] [-f "Filename"] [-k]


The -i parameter specifies import mode; without it, the default mode of CSVDE is export.
The -f parameter identifies the file name to import from or export to.
The -k parameter is useful during import operations because it instructs CSVDE to ignore errors including Object Already Exists, Constraint Violation, and Attribute Or Value Already Exists.

Comma-delimited files can be created, modified, and opened with tools as familiar as Notepad and Microsoft Office Excel. The first line of the file defines the attributes by their Lightweight Directory Access Protocol (LDAP) attribute names. Each object follows, one per line, and must contain exactly the attributes listed on the first line.

Importing Computers with LDIFDE

Earlier you were introduced to Ldifde.exe, which imports data from files in the Lightweight Directory Access Protocol Data Interchange Format (LDIF). LDIF files are text files in which each operation is specified by a block of lines, and the blocks are separated by a blank line. Each operation begins with the DN attribute of the object that is the target of the operation. The next line, changeType, specifies the type of operation: add, modify, or delete.
The following listing is an LDIF file that will create two server accounts:
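
Both import formats described above, the CSVDE file and the LDIF file, can be generated from one vetted list of names. The PowerShell below is an added example, not the lesson's original listing; the function name ConvertTo-ComputerImport, the naming rule, the OU DN and the computer names are assumptions.

```powershell
# Added example; names and OU DN in the usage lines are constructed placeholders.
function ConvertTo-ComputerImport {
    param(
        [Parameter(Mandatory = $true)][string[]]$Name,
        [Parameter(Mandatory = $true)][string]$OUDN,
        [ValidateSet('Csv', 'Ldif')][string]$Format = 'Csv'
    )
    # Reject names that would break the DN or the CSV quoting (assumed rule:
    # 1-15 letters, digits or hyphens), and an OU DN containing a double quote.
    foreach ($n in $Name) {
        if ($n -notmatch '\A[A-Za-z0-9-]{1,15}\z') { throw "Rejected name '$n'" }
    }
    if ($OUDN.Contains('"')) { throw 'OU DN must not contain a double quote' }
    # csvde -k ignores "Object Already Exists", so catch duplicates in the input here.
    if (@($Name | Sort-Object -Unique).Count -ne $Name.Count) {
        throw 'Duplicate computer name in input'
    }

    if ($Format -eq 'Csv') {
        # First line: LDAP attribute names. Every row carries exactly these four.
        'DN,objectClass,sAMAccountName,userAccountControl'
        foreach ($n in $Name) {
            # The DN contains commas, so it is the one quoted field.
            '"CN={0},{1}",computer,{0}$,4096' -f $n, $OUDN
        }
    }
    else {
        foreach ($n in $Name) {
            "dn: CN=$n,$OUDN"           # each operation starts with the target DN
            'changetype: add'
            'objectClass: computer'
            'sAMAccountName: ' + $n + '$'
            'userAccountControl: 4096'
            ''                          # a blank line ends the operation
        }
    }
}

# Usage (placeholders): write the file, then import it with the matching tool.
# $names = 'SERVER10', 'SERVER11'
# $ou    = 'OU=Servers,DC=example,DC=com'
# ConvertTo-ComputerImport -Name $names -OUDN $ou -Format Csv  | Set-Content computers.csv
# ConvertTo-ComputerImport -Name $names -OUDN $ou -Format Ldif | Set-Content computers.ldf
# csvde -i -f computers.csv
# ldifde -i -f computers.ldf
```

Running the import once without -k shows every error CSVDE raises before you decide which ones are safe to ignore.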

Creating Computers with Dsadd

The Dsadd command has been used in previous chapters to create objects in Active Directory.
To create computer objects, simply type dsadd computer ComputerDN where ComputerDN is the distinguished name (DN) of the computer, such as

If the computer’s DN includes a space, surround the entire DN with quotation marks. The ComputerDN parameter can include more than one distinguished name for new computer objects, making Dsadd Computer a handy way to generate multiple objects at once. The parameter can be entered in one of the following ways:

  • By piping a list of DNs from another command such as Dsquery.
  • By typing each DN on the command line, separated by spaces.
  • By leaving the DN parameter empty, at which point, you can type the DNs, one at a time, at the keyboard console of the command prompt. Press Enter after each DN. Press Ctrl+Z and Enter after the last DN.

The Dsadd Computer command can take the following optional parameters after the DN parameter:

  • -samid SAMName
  • -desc Description
  • -loc Location

Creating Computers with Netdom

The Netdom command is also able to perform a variety of domain account and security tasks from the command line. Earlier you learned to use Netdom to join a computer to the domain. You can also use it to create a computer account by typing the following command:
netdom add ComputerName /domain:DomainName [/ou:OUDN] [/userd:User /PasswordD:Password]

This command creates the computer account for ComputerName in the domain indicated by the domain parameter, using the credentials specified by UserD and PasswordD. The ou parameter causes the object to be created in the OU specified by the OUDN distinguished name following the parameter. If no OUDN is supplied, the computer account is created in the default computer container. The user credentials must have permissions to create computer objects.

Creating Computers with Windows PowerShell

Windows PowerShell is the new administrative and automation shell for Windows platforms. You learned earlier how to create users with Windows PowerShell.
As with user objects, you can create computer objects by following these high-level steps:

  1. Connect to the container (the OU) in which you want to create a computer.
  2. Use the Create method of the container to create the computer.
  3. Populate mandatory attributes.
  4. Commit your changes.

To connect to an OU in Windows PowerShell, type the following at a PowerShell prompt:
$objOU = [ADSI]"LDAP://DN of OU"
The command creates an object reference stored in the $objOU variable that represents the OU. You can now invoke the methods of the OU, using the $objOU variable.

To create a computer, use the Create method by typing the following:
$objComputer = $objOU.Create("computer","CN=Computer CN")

Next, you must configure two attributes. The first is the computer’s pre-Windows 2000 logon name, the sAMAccountName attribute, which is the computer’s name appended with a dollar sign ($). The second is the computer’s userAccountControl attribute, which must be set to 4096 (0x1000 in hexadecimal). The userAccountControl attribute is a series of flags, 1 bit each; the 0x1000 bit indicates that the account is for a domain member. Without it, a computer will not be able to join the domain by using the account.

$objComputer.Put("sAMAccountName", "ComputerName$")
$objComputer.Put("userAccountControl", 4096)

You can set other attributes at this time as well. For example, you can set description or info. When you have finished configuring attributes, you must commit your changes with the following code.
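
The four steps above assembled into one function that ends with the ADSI SetInfo() commit. This is an added example, not the lesson's own code; the function name New-StagedComputer, the naming rule, the -Disabled option (which adds the ACCOUNTDISABLE flag, 0x2) and the OU DN and computer name in the usage comment are assumptions.

```powershell
# Added example; the OU DN and name in the usage comment are constructed placeholders.
$UAC_ACCOUNTDISABLE            = 0x0002  # account cannot be used until it is enabled
$UAC_WORKSTATION_TRUST_ACCOUNT = 0x1000  # 4096, the domain-member bit from the text

function New-StagedComputer {
    param(
        [Parameter(Mandatory = $true)][string]$OUDN,
        [Parameter(Mandatory = $true)][string]$Name,
        [string]$Description,
        [switch]$Disabled
    )
    # Assumed naming rule: 1-15 letters, digits or hyphens. It also keeps DN
    # metacharacters (comma, plus, equals, quote) out of the "CN=$Name" string.
    if ($Name -notmatch '\A[A-Za-z0-9-]{1,15}\z') {
        throw "Rejected computer name '$Name'"
    }
    $uac = $UAC_WORKSTATION_TRUST_ACCOUNT
    if ($Disabled) { $uac = $uac -bor $UAC_ACCOUNTDISABLE }   # 4098

    try {
        $objOU = [ADSI]"LDAP://$OUDN"                         # 1. connect to the OU
        $objComputer = $objOU.Create('computer', "CN=$Name")  # 2. create in memory
        $objComputer.Put('sAMAccountName', $Name + '$')       # 3. mandatory attributes
        $objComputer.Put('userAccountControl', $uac)
        if ($Description) { $objComputer.Put('description', $Description) }
        $objComputer.SetInfo()                                # 4. commit to the directory
    }
    catch {
        throw "Could not create CN=$Name,$OUDN : $($_.Exception.Message)"
    }
    "CN=$Name,$OUDN"   # DN of the new object
}

# Usage (placeholders):
# New-StagedComputer -OUDN 'OU=Servers,DC=example,DC=com' -Name 'SERVER10' -Disabled
```

Nothing is written to the directory until SetInfo() runs, so a rejected name or a failed Put leaves no partial object behind.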

Creating Computers with VBScript

VBScript uses the same Active Directory Services Interface (ADSI) as does Windows PowerShell to manipulate Active Directory objects, so the steps to create a computer are identical: connect to the container, create the object, populate its attributes, and commit the changes. The following code will create a computer in the domain:

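' Connect to the container, create the object, populate its attributes
Set objOU = GetObject("LDAP://DN of OU")
Set objComputer = objOU.Create("computer","CN=Computer CN")
objComputer.Put "sAMAccountName", "ComputerName$"
objComputer.Put "userAccountControl", 4096
' Commit the changes; without SetInfo nothing is written to the directory
objComputer.SetInfo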