' clonepr.vbt start ' CloneSecurityPrincipal sample VBScript ' ' Clones accounts from one domain to another ' ' Copyright (c) 1999 Microsoft Corporation // this is a Visual Basic Script "Template", used in conjunction with the // MS Visual C++ Preprocessor to overcome some of the source management // limitations of VBScript. Not perfect, but better than a stick in the eye. // // use cl /EP foo.vbt > foo.vbs to expand the template const SCRIPT_FILENAME = "clonepr.vbs" const SCRIPT_SOURCE_NAME = __FILE__ const SCRIPT_DATE = __DATE__ const SCRIPT_TIME = __TIME__ const ARG_COUNT = 7 // this is all our common code. #include "clonepr.vbi" Main wscript.quit(0) sub Main if wscript.arguments.count <> ARG_COUNT then PrintUsageAndQuit end if ' copy the command-line arguments for parsing dim args() Redim args(0) args(0) = "" dim i for i = 0 to wscript.arguments.count - 1 Redim Preserve args(i) args(i) = wscript.arguments.item(i) next ' command line parameters dim srcDC ' source domain controller dim srcDom ' source domain dim srcSam ' source principal SAM name dim dstDC ' destination controller dim dstDom ' destination domain dim dstSam ' destination principal SAM name dim dstCN ' CN=dstSam dim dstCNnew ' CN=dstSam, escaped dim dstDNTmp ' destination principal Full Distinguished Name dim dstDN ' destination principal Full Distinguished Name, escaped ' parse the saved command-line arguments, extracting the values srcDC = GetArgValue("srcdc", args) srcDom = GetArgValue("srcdom", args) srcSam = GetArgValue("srcsam", args) dstDC = GetArgValue("dstdc", args) dstDom = GetArgValue("dstdom", args) dstSam = GetArgValue("dstsam", args) dstDNTmp= GetArgValue("dstdn", args) dstCN = "CN=" & dstSam dstCNnew= adsPathname.GetEscapedElement(0, dstCN) If (UCase(dstCN) <> UCase(dstCNnew)) And (UCase(dstCN) = UCase(Left(dstDNTmp, Len(dstCN)))) Then dstDN = dstCNnew & Mid(dstDNTmp, Len(dstCN) + 1) Else dstDN = dstDNTmp End If ' ensure the user did not pass any unrecognized command-line arguments if CheckForBadArgs(args) then Echo "Unknown command-line arguments specified" PrintUsageAndQuit end if ' establish authenticate connections to the source and destination domain ' controllers on error resume next clonepr.Connect srcDC, srcDom, dstDC, dstDom if Err.Number then DumpErrAndQuit Echo "Connected to source and destination domain controllers" ' bind to the source object dim srcPath srcPath = "WinNT://" & srcDom & "/" & srcDC & "/" & srcSam dim srcObject set srcObject = GetObject(srcPath) select case Err.Number case E_ADS_UNKNOWN_OBJECT Bail "Source object " & srcSam & " not found. Path used: " & srcPath case 0 ' do nothing case else DumpErrAndQuit end select Echo "Bound to source " & srcObject.Class & " " & srcObject.Name if ShouldCloneObject(srcObject) then CloneSecurityPrincipal srcObject, srcSam, dstDom, dstDC, dstSam, dstDN end if end sub function ShouldCloneObject(byref srcObject) on error resume next sid.SetAs ADS_SID_WINNT_PATH, srcObject.AdsPath & "," & srcObject.Class if Err.Number then DumpErrAndQuit dim sidString sidString = sid.GetAs(ADS_SID_SDDL) if Err.Number then DumpErrAndQuit if IsBuiltInSid( sidString ) then Echo srcObject.Name & " is a builtin Account." Echo "BuiltIn Users and Groups cannot be cloned" ShouldCloneObject = False exit function end if ShouldCloneObject = True end function sub PrintUsageAndQuit Echo "Usage: cscript " & SCRIPT_FILENAME & " /srcdc: /srcdom:" Echo "/srcsam: /dstdc: /dstdom: /dstsam:" Echo "/dstdn" Echo "" Echo "Parameters:" Echo " /srcdc - source domain controller NetBIOS computer name (without leading \\)" Echo "" Echo " /srcdom - source domain NetBIOS name" Echo "" Echo " /srcsam - source principal SAM name" Echo "" Echo " /dstdc - destination domain controller NetBIOS computer name (without " Echo " leading \\)" Echo " This script must be run on the machine indicated here." Echo "" Echo " /dstdom - destination domain DNS name" Echo "" Echo " /dstsam - destination principal SAM name" Echo "" Echo " /dstdn - destination principal Full Distinguished Name" Echo "" Echo "Notes:" Echo "" Echo "If the destination principal does not exist, it will be created." Echo "In that case, the container naming context of the destination Full" Echo "Distinguished Name (i.e. the parent container) must exist." Echo "" Echo "Currently logged-on user must be a member of the Administrators" Echo "group of both the source and destination domains." Echo "" Echo SCRIPT_DATE & " " & SCRIPT_TIME wscript.quit(0) end sub ' clonepr.vbt end