VBSCRIPT: Add New Domain's Admins to Local Administrators Programmatically
In order for Active Directory Migration Tool (ADMT) to install its Agent on a newly migrated computer, the user running the ADMT tool must have local Administrator access. Otherwise, the error log shows something similar to the following:
WRN1:7290 Processor architecture for machine \\NT4MACHINE is unknown, Error accessing registry key SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment rc=5 Access is denied. Failed to install agent on \\NT4MACHINE, rc=5 Access is denied. Unable to access ADMIN$ share on the machine 'NT4MACHINE'. Make sure the share exists and the account running ADMT is a member of local administrators group on the machine 'NT4MACHINE'. hr=0x80070005. Access is denied.
Here is a basic script that will go through each of the Windows workstations on the old domain and add the new domain's "Domain Admins" group to the workstation's local Administrators group. If the machine is a Windows Server OS, it will be ignored. Change the newDomain and oldDomain variables to match your network.
newDomain = "NEW2K3"
oldDomain = "OLDNT4"

' Bind to the new domain's Domain Admins group and to the old domain,
' then restrict enumeration of the old domain to computer accounts.
Set objADGroup = GetObject("WinNT://" & newDomain & "/Domain Admins,group")
Set objOldDomain = GetObject("WinNT://" & oldDomain)
objOldDomain.Filter = Array("Computer")

For Each Computer In objOldDomain
    strComputer = Computer.Name

    ' Connect to WMI on the remote machine to read its operating system.
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colSettings = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem")

    For Each objOperatingSystem In colSettings
        ' Skip anything whose OS name contains "SERVER"; only workstations are changed.
        If InStr(UCase(objOperatingSystem.Name), "SERVER") = 0 Then
            ' Add the new domain's Domain Admins to the local Administrators group.
            Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
            objLocalGroup.Add objADGroup.AdsPath
            Set objLocalGroup = Nothing
        End If
    Next

    Set colSettings = Nothing
    Set objWMIService = Nothing
Next

Set objADGroup = Nothing
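Because the script above grants the new domain's Domain Admins local administrator rights on every workstation, it is worth verifying the result. The following read-only audit is an added example, not part of the original post: it lists the local Administrators members on each computer in the old domain and marks whether the grant is present. The CSV-style output, the status labels and the AuditComputer function name are assumptions, and unlike the script above it does not skip servers.

```vbscript
' Added example: read-only audit of local Administrators membership.
' Domain names are the page's sample values; output format is an assumption.
Option Explicit
Dim newDomain, oldDomain, objOldDomain, objComputer, strExpected

newDomain = "NEW2K3"
oldDomain = "OLDNT4"
' AdsPath the group member is expected to have after the grant.
strExpected = "WinNT://" & newDomain & "/Domain Admins"

Set objOldDomain = GetObject("WinNT://" & oldDomain)
objOldDomain.Filter = Array("Computer")

WScript.Echo "Computer,Status,Members"
For Each objComputer In objOldDomain
    WScript.Echo AuditComputer(objComputer.Name)
Next

' Returns one line: computer name, status, and every member's AdsPath.
Function AuditComputer(strComputer)
    Dim objLocalGroup, objMember, strMembers, blnFound
    On Error Resume Next
    Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
    If Err.Number <> 0 Then
        ' Offline host or access denied: report it instead of aborting the run.
        AuditComputer = strComputer & ",UNREACHABLE (0x" & Hex(Err.Number) & "),"
        Err.Clear
        Exit Function
    End If

    blnFound = False
    strMembers = ""
    For Each objMember In objLocalGroup.Members
        If StrComp(objMember.AdsPath, strExpected, vbTextCompare) = 0 Then blnFound = True
        strMembers = strMembers & objMember.AdsPath & ";"
    Next

    If Err.Number <> 0 Then
        AuditComputer = strComputer & ",ENUM FAILED (0x" & Hex(Err.Number) & ")," & strMembers
        Err.Clear
    ElseIf blnFound Then
        AuditComputer = strComputer & ",GRANTED," & strMembers
    Else
        AuditComputer = strComputer & ",MISSING," & strMembers
    End If
End Function
```

Run it with cscript.exe so each line goes to the console rather than a message box. The member list also shows any other accounts holding local administrator rights on the machine.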
Also, if you do not have the workstation's primary DNS server set to the new domain's DNS servers, ADMT will quit with the following error:
ERR3:7075 Failed to change domain affilation, hr=8007054b The specified domain either does not exist or could not be contacted.
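The following script sets the DNS server search order on every IP-enabled network adapter of each workstation in the old domain. Change DNSServerArray to the new domain's DNS servers.
oldDomain = "OLDNT4"
DNSServerArray = "192.168.1.1,192.168.1.2"

' Enumerate the computer accounts in the old domain.
Set objOldDomain = GetObject("WinNT://" & oldDomain)
objOldDomain.Filter = Array("Computer")

For Each Computer In objOldDomain
    strComputer = Computer.Name

    ' Connect to WMI on the remote machine to read its operating system.
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colSettings = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem")

    For Each objOperatingSystem In colSettings
        ' Skip anything whose OS name contains "SERVER"; only workstations are changed.
        If InStr(UCase(objOperatingSystem.Name), "SERVER") = 0 Then
            ' Split the comma-separated list into one array element per DNS server.
            arrNewDNSServerSearchOrder = Split(DNSServerArray, ",")

            Set colNicConfigs = objWMIService.ExecQuery( _
                "SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

            For Each objNicConfig In colNicConfigs
                intSetDNSServers = objNicConfig.SetDNSServerSearchOrder(arrNewDNSServerSearchOrder)
                ' 0 = success, 1 = success but reboot required; anything else is a failure.
                If intSetDNSServers <> 0 And intSetDNSServers <> 1 Then
                    Wscript.Echo "Oops, problem on " & strComputer & " (return code " & intSetDNSServers & ")"
                End If
            Next
        End If
    Next

    Set colSettings = Nothing
    Set objWMIService = Nothing
Next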
Also, that probably won't be effective on machines set to accept DNS servers via DHCP, though I haven't tested. Be sure you reboot after resetting the DNS; otherwise, you'll run into the following error:
The ADSI property cannot be found in the property cache ErrCode=8000500d
Go ahead and reboot the workstation; it should solve the problem.