VBSCRIPT: Add New Domain's Admins to Local Administrators Programmatically

In order for Active Directory Migration Tool (ADMT) to install its Agent on a newly migrated computer, the user running the ADMT tool must have local Administrator access. Otherwise, the error log shows something similar to the following:

WRN1:7290 Processor architecture for machine \NT4MACHINE is unknown, Error accessing registry key SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5 Access is denied.
Failed to install agent on \NT4MACHINE, rc=5 Access is denied. Unable to access ADMIN$ share on the machine ‘NT4MACHINE’. Make sure the share exists and the account running ADMT is a member of local administrators group on the machine ‘NT4MACHINE’. hr=0x80070005. Access is denied.

Here is a basic script that will go through each of the Windows workstations on the old domain and add the new domain’s “Domain Admins” group to the workstation’s local Administrators group. If the machine is a Windows Server OS, it will be ignored. Change the newDomain and oldDomain variables to match your network.


newDomain = “NEW2K3”
oldDomain = “OLDNT4”

Set objADGroup = GetObject(“WinNT://” & newDomain & “/Domain Admins,group”)
Set objOldDomain = GetObject(“WinNT://” & oldDomain)
objOldDomain.Filter = Array(“Computer”)
For Each Computer In objOldDomain
strComputer = Computer.Name
Set objWMIService = GetObject(“winmgmts:” & strComputer & “\root\cimv2”)
Set colSettings = objWMIService.ExecQuery (“SELECT * FROM Win32_OperatingSystem”)
For Each objOperatingSystem in colSettings
If InStr(UCase(objOperatingSystem.Name),”SERVER”) = 0 Then
Set objLocalGroup = GetObject(“WinNT://” & strComputer & “/Administrators,group”)
objLocalGroup.Add(objADGroup.AdsPath)
Set objLocalGroup = Nothing
End If
Next
Set colSettings = Nothing
Set objWMIService = Nothing
Next
Set objADGroup = Nothing

Also, if you do not have the workstation’s primary DNS server set to the new domain’s DNS servers, ADMT will quit with the following error: ERR3:7075 Failed to change domain affilation, hr=8007054b The specified domain either does not exist or could not be contacted.


oldDomain = “OLDNT4”
DNSServerArray = “192.168.1.1,192.168.1.2”

Set objOldDomain = GetObject(“WinNT://” & oldDomain)
objOldDomain.Filter = Array(“Computer”)
For Each Computer In objOldDomain
strComputer = Computer.Name
Set objWMIService = GetObject(“winmgmts:” & strComputer & “\root\cimv2”)
Set colSettings = objWMIService.ExecQuery (“SELECT * FROM Win32_OperatingSystem”)
For Each objOperatingSystem in colSettings
If InStr(UCase(objOperatingSystem.Name),”SERVER”) = 0 Then
arrNewDNSServerSearchOrder = Array(DNSServerArray)
Set colNicConfigs = objWMIService.ExecQuery(“SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True”)
For Each objNicConfig In colNicConfigs
intSetDNSServers = objNicConfig.SetDNSServerSearchOrder(arrNewDNSServerSearchOrder)
If intSetDNSServers = 0 Then Wscript.Echo “Oops, problem on ” & strComputer
Next
End If
Next
Set colSettings = Nothing
Set objWMIService = Nothing
Next

Also, that probably won’t be effective on machines set to accept DNS servers via DHCP, though I haven’t tested. Be sure you reboot after resetting the DNS, otherwise, you’ll run into the following error: The ADSI property cannot be found in the property cache ErrCode=8000500d Go ahead and reboot the workstation, it should solve the problem.

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in Active Directory, VBScript