VBSCRIPT: Add New Domain's Admins to Local Administrators Programmatically

For the Active Directory Migration Tool (ADMT) to install its agent on a newly migrated computer, the user running ADMT must have local Administrator access on that computer. Otherwise, the error log shows something similar to the following:

    WRN1:7290 Processor architecture for machine \NT4MACHINE is unknown, Error accessing registry key SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5 Access is denied.
    Failed to install agent on \NT4MACHINE, rc=5 Access is denied.
    Unable to access ADMIN$ share on the machine 'NT4MACHINE'. Make sure the share exists and the account running ADMT is a member of local administrators group on the machine 'NT4MACHINE'. hr=0x80070005. Access is denied.

Here is a basic script that will go through each of the Windows workstations on the old domain and add the new domain's "Domain Admins" group to the workstation's local Administrators group. If the machine is a Windows Server OS, it will be ignored. Change the newDomain and oldDomain variables to match your network.

    newDomain = "NEW2K3"
    oldDomain = "OLDNT4"

    ' Bind to the new domain's Domain Admins group and list the old domain's computers
    Set objADGroup = GetObject("WinNT://" & newDomain & "/Domain Admins,group")
    Set objOldDomain = GetObject("WinNT://" & oldDomain)
    objOldDomain.Filter = Array("Computer")

    For Each Computer In objOldDomain
        strComputer = Computer.Name
        ' The WMI moniker needs the \\ prefix in front of the computer name
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colSettings = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem")
        For Each objOperatingSystem In colSettings
            ' Skip anything running a Windows Server OS
            If InStr(UCase(objOperatingSystem.Name), "SERVER") = 0 Then
                Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
                objLocalGroup.Add(objADGroup.AdsPath)
                Set objLocalGroup = Nothing
            End If
        Next
        Set colSettings = Nothing
        Set objWMIService = Nothing
    Next
    Set objADGroup = Nothing
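The script above changes who holds administrative rights on every workstation, so it is worth confirming the result. The following is an added example, not part of the original post: a read-only audit that lists each machine's local Administrators members and flags whether the new domain's group is present. The `AuditComputer` function and `strExpected` variable are names made up for this example; the domain names are the post's sample values.

```vbscript
' Added example, not from the original post: read-only audit of local Administrators.
' newDomain/oldDomain mirror the sample values used by the script above.
Option Explicit
Dim newDomain, oldDomain, strExpected, objOldDomain, Computer

newDomain = "NEW2K3"
oldDomain = "OLDNT4"
strExpected = "WinNT://" & newDomain & "/Domain Admins"

Set objOldDomain = GetObject("WinNT://" & oldDomain)
objOldDomain.Filter = Array("Computer")
For Each Computer In objOldDomain
    WScript.Echo AuditComputer(Computer.Name)
Next

' Returns one report block: a status line plus every current member of Administrators.
Function AuditComputer(strComputer)
    Dim objLocalGroup, objMember, strMembers, blnFound

    ' Trap errors on the bind only, so one offline machine does not stop the run.
    On Error Resume Next
    Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
    If Err.Number <> 0 Then
        AuditComputer = strComputer & ": UNREACHABLE (0x" & Hex(Err.Number) & ")"
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0

    blnFound = False
    strMembers = ""
    For Each objMember In objLocalGroup.Members
        strMembers = strMembers & vbCrLf & "    " & objMember.ADsPath
        If StrComp(objMember.ADsPath, strExpected, vbTextCompare) = 0 Then blnFound = True
    Next

    If blnFound Then
        AuditComputer = strComputer & ": OK, new Domain Admins present" & strMembers
    Else
        AuditComputer = strComputer & ": MISSING new Domain Admins" & strMembers
    End If
End Function
```

Run it with cscript.exe so the report goes to the console instead of message boxes. Servers, which the script above skips, will be reported as MISSING.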

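Also, if you do not have the workstation's primary DNS server set to the new domain's DNS servers, ADMT will quit with the following error:

    ERR3:7075 Failed to change domain affilation, hr=8007054b The specified domain either does not exist or could not be contacted.

The script below sets the DNS server search order on every IP-enabled network adapter of each workstation in the old domain. Change the oldDomain and DNSServerArray variables to match your network.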

    oldDomain = "OLDNT4"
    DNSServerArray = "192.168.1.1,192.168.1.2"

    Set objOldDomain = GetObject("WinNT://" & oldDomain)
    objOldDomain.Filter = Array("Computer")

    For Each Computer In objOldDomain
        strComputer = Computer.Name
        ' The WMI moniker needs the \\ prefix in front of the computer name
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colSettings = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem")
        For Each objOperatingSystem In colSettings
            ' Skip anything running a Windows Server OS
            If InStr(UCase(objOperatingSystem.Name), "SERVER") = 0 Then
                ' Split the comma-separated list into one array element per DNS server
                arrNewDNSServerSearchOrder = Split(DNSServerArray, ",")
                Set colNicConfigs = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
                For Each objNicConfig In colNicConfigs
                    intSetDNSServers = objNicConfig.SetDNSServerSearchOrder(arrNewDNSServerSearchOrder)
                    ' 0 = success, 1 = success but reboot required; anything higher is a failure
                    If intSetDNSServers > 1 Then Wscript.Echo "Oops, problem on " & strComputer
                Next
            End If
        Next
        Set colSettings = Nothing
        Set objWMIService = Nothing
    Next

Also, that probably won't be effective on machines set to accept DNS servers via DHCP, though I haven't tested. Be sure you reboot after resetting the DNS; otherwise, you'll run into the following error:

    The ADSI property cannot be found in the property cache ErrCode=8000500d

Go ahead and reboot the workstation; it should solve the problem.