[Samba] [SOLVE] Batch computer account creation

Thomas Sondag thomas.sondag at gmail.com
Thu Jul 30 01:42:53 MDT 2009 

I found the solution by setting userAccountControl to "4096" ( the
samba net ads join set this value to "69632" and I think that's
incorrect )

If somebody is interested :


#! /usr/bin/perl

use strict;
use Net::LDAP;
use Net::LDAP::Entry;

my $base_dn = "DC=my,DC=domain";
my $computer_name = "host02";
my $computer_branche = "OU=Workstations";
my $computer_dn = "CN=$computer_name,$computer_branche,$base_dn";
my $domain = "my.domain";

my $ldap = Net::LDAP->new( 'ldap://epluxsdc01') or die "$@";

my $mesg = $ldap->bind ("CN=Administrator,CN=Users,$base_dn", password
=> "password");
$mesg->code && die $mesg->error;

my $entry = Net::LDAP::Entry->new;
$entry->dn("$computer_dn");
$entry->add (
  objectClass => [ qw(top person organizationalPerson user computer) ],
  cn => "$computer_name",
  name => $computer_name,
  dNSHostName => $computer_name . '.ep.parl.union.eu' ,
  sAMAccountName => uc($computer_name) .'$',
  objectCategory => "CN=Computer,CN=Schema,CN=Configuration,$base_dn",
  operatingSystem => 'EP Linux Desktop LXD',
  operatingSystemVersion => '3',
  mail => 'ISPcell-SALX at europarl.europa.eu',
  userPrincipalName => 'HOST/'. uc($computer_name) .'@'.uc($domain),
  servicePrincipalName => [
	"HOST/$computer_name.$domain",
	"HOST/$computer_name",
	"CIFS/$computer_name.$domain",
	"CIFS/$computer_name",
	"nfs/$computer_name.$domain",
	"nfs/$computer_name" ],
 userAccountControl => "4096",

 );

my $mesg = $entry->update ( $ldap ); # update directory server
$mesg->code && die $mesg->error;


my $mesg = $ldap->search( # perform a search
                        base   => "$base_dn",
                        filter => "CN=$computer_name"
                      );

$mesg->code && die $mesg->error;

foreach my $entry ($mesg->entries) {

  foreach my $attr ( $entry->attributes) {

    if ($attr eq "objectSid" or $attr eq "objectGUID" ) {

      print "$attr : ". _sid2string($entry->get_value ($attr))."\n"

    } else {
	
      print "$attr : ". $entry->get_value ($attr)."\n";
    }
  }
}

sub _sid2string {
    my $sid = shift;
    my (@unpack) = unpack( "H2 H2 n N V*", $sid );
    my ( $sid_rev, $num_auths, $id1, $id2, @ids ) = (@unpack);
    my $string = join( "-", "S", $sid_rev, ( $id1 << 32 ) + $id2, @ids );
    return $string;
}

sub _string2sid {
    my $string = shift;
    my (@split) = split( m/\-/, $string );
    my ( $prefix, $sid_rev, $auth_id, @ids ) = (@split);
    if ( $auth_id != scalar(@ids) ) {
        die "bad string: $string";
    }

    my $sid = pack( "C4", "$sid_rev", "$auth_id", 0, 0 );
    $sid .= pack( "C4",
        ( $auth_id & 0xff000000 ) >> 24,
        ( $auth_id & 0x00ff0000 ) >> 16,
        ( $auth_id & 0x0000ff00 ) >> 8,
        $auth_id & 0x000000ff );

    for my $i (@ids) {
        $sid .= pack( "I", $i );
    }

    return $sid;
}

More information about the samba mailing list