[Samba] Batch computer account creation

Wed Jul 29 05:16:04 MDT 2009

I'm looking for a way to batch create a list of computers accounts in
Active directroy running on Windows 2000 PDC.
I tried to use perl ldap to create those objects but I didn't manage
to set the  sAMAccountType to  "805306369" ( apparently this is a read
only auto generated value)

Is there any way to do that under Linux ?

Thanks,
  Thomas

#! /usr/bin/perl

use strict;
use Net::LDAP;
use Net::LDAP::Entry;

my $base_dn = "DC=my,DC=domain";
my $computer_name = "host01";
my $computer_branche = "OU=Workstations";
my $computer_dn = "CN=$computer_name,$computer_branche,$base_dn";

my $ldap = Net::LDAP->new( 'ldap://20.20.1.11') or die "$@";

my $mesg = $ldap->bind ("CN=Administrator,CN=Users,$base_dn", password
=> "secret");
$mesg->code && die $mesg->error;

my $entry = Net::LDAP::Entry->new;
$entry->dn("$computer_dn");
$entry->add (
  objectClass => [ qw(top person organizationalPerson user computer) ],
  cn => "$computer_name",
  name => $computer_name,
  dNSHostName => $computer_name . '.ep.parl.union.eu' ,
  sAMAccountName => uc($computer_name) .'$',
  objectCategory => 'CN=Computer,CN=Schema,CN=Configuration,$base_dn',
  operatingSystem => 'EP Linux Desktop LXD',
  operatingSystemVersion => '3',
  mail => 'ISPcell-SALX at europarl.europa.eu',
  userPrincipalName => 'HOST/'. uc($computer_name) .'@MY.DOMAIN',
  servicePrincipalName => [
	'HOST/'. $computer_name .'.my.domain',
	'HOST/'. $computer_name,
	'CIFS/'. $computer_name .'.my.domain',
	'CIFS/'. $computer_name,
	'nfs/'. $computer_name .'.my.domain',
	'nfs/'. $computer_name ],
  userAccountControl => "544",
 );
my $mesg = $entry->update ( $ldap ); # update directory server
$mesg->code && die $mesg->error;

my $mesg = $ldap->modify ( "CN=Domain Computers,CN=Users,$base_dn",
  add => {
	"member" => "$computer_dn"
  }
);
$mesg->code && die $mesg->error;

my $mesg = $ldap->modify ( $computer_dn,
  replace => {
    "primaryGroupID" => "515"
  }
);
$mesg->code && die $mesg->error;

my $mesg = $ldap->modify ( "CN=Domain Users,CN=Users,$base_dn",
  delete => { "member" => "$computer_dn"
  }
);
$mesg->code && die $mesg->error;

my $mesg = $ldap->search( # perform a search
                        base   => "$base_dn",
                        filter => "CN=$computer_name"
                      );

$mesg->code && die $mesg->error;

# DEBUG
foreach my $entry ($mesg->entries) {

  foreach my $attr ( $entry->attributes) {

    if ($attr eq "objectSid" or $attr eq "objectGUID" ) {

      print "$attr : ". _sid2string($entry->get_value ($attr))."\n"

    } else {

      print "$attr : ". $entry->get_value ($attr)."\n";
    }
  }
}