You can find the user who joined a computer to the domain with the script below.
1. Open Notepad, paste the script below, and save it as filename.bat.
2. Open CMD as Administrator and execute filename.bat.
3. Enter the computer name.
====================================================================
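setlocal
rem Reports which account appears to have joined a computer to the domain.
rem Usage: filename.bat [ComputerSamAccountName]   (prompts when no argument is given)
rem Needs the dsquery and dsacls tools on the machine where it runs.
rem
rem How it works: it keeps the last line of the computer object's ACL that mentions
rem "DNS" and does not mention SELF, and treats the trustee on that line as the joiner.
rem This is an inference from permissions, not an audit record: anyone allowed to edit
rem the object's ACL can change what is reported. For evidence, compare with the
rem object's mS-DS-CreatorSID attribute (set when a non-administrator created the
rem account) and the domain controller Security log entry for computer account
rem creation (event 4741).
rem
rem NOTE(review): PCName is substituted as typed into command lines and into an LDAP
rem filter. Run this only with a name you entered yourself; do not feed it names taken
rem from untrusted files or tickets without checking them for shell or filter
rem metacharacters first.

rem Start from a clean slate: setlocal copies the caller's environment, so values left
rem over from an earlier run could otherwise be reported after a failed lookup.
set "PCName="
set "DN="
set "output="
set "ObjCreator="
set "NTName="
if not "%~1"=="" set "PCName=%~1"& goto main
echo Find who joined what computer account to domain
set /p "PCName=(use SAMAccount, (EX: %COMPUTERNAME%, not FQDN): "
:main
if not defined PCName goto NoName
rem note this is back single quote, ` and not '
rem put DN into environment variable DN
for /f "usebackq delims=;" %%x in (`dsquery computer forestroot -samid %PCName%$`) do (
SET DN=%%x
)
rem No DN means dsquery returned nothing for this name; stop before dsacls runs without an object.
if not defined DN goto NotFound
REM Find the line you want
for /f "usebackq delims=;" %%x in (`dsacls %DN% ^| find /i "DNS" ^| find /v "SELF"`) do (
SET output=%%x
)
cls
rem The account exists, but no ACL line matched, so there is nothing to extract.
if not defined output goto NoCreator
rem Take 25 characters starting at offset 6 of the ACL line. Longer DOMAIN\user values are cut off.
set "ObjCreator=%output:~6,25%"
if not defined ObjCreator goto NoCreator
set ObjCreator | find "Domain Admins" > nul
if not errorlevel 1 goto DA
set ObjCreator | find "Enterprise Admins" > nul
if not errorlevel 1 goto EA
:IsEmpty
rem A usable trustee has the form DOMAIN\user; without a backslash there is no user to report.
set ObjCreator | find "\" > nul
if errorlevel 1 goto NoCreator
echo %PCName% joined to the domain by %ObjCreator%
for /f "tokens=1,2 delims=\" %%a in ("%ObjCreator%") do set NTName=%%b
rem Resolve the account name to its display RDN; skipped when nothing followed the backslash.
if defined NTName dsquery user forestroot -samid %NTName% -o rdn
Goto DateCreated
:DA
echo %PCName% joined by a member of Domain Admins.
echo They are not individually identified in AD.
goto DateCreated
:EA
echo %PCName% joined by a member of Enterprise Admins.
echo They are not individually identified in AD.
Goto DateCreated
:NoCreator
echo No individual creator could be read from the ACL of %PCName%
Goto DateCreated
:DateCreated
Echo.
echo AD account creation:
dsquery * forestroot -filter "(&(objectCategory=computer)(samaccountname=%PCName%$))" -attr whenCreated
Goto End
:NoName
Echo No computer name was entered
Goto End
:NotFound
Echo Computer account %PCName% was not found
:end
Endlocal
pause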
=============================================================================