JSI Tip 9577. How can I change the default number of computers an ordinary user can join to the domain?

An ordinary domain user can join 10 members to the domain by default.

Using ADFind.exe freeware and ADMod.exe freeware, I have scripted MachineAccountQuota.bat to alter the default.

The syntax for using MachineAccountQuota.bat is:

call MachineAccountQuota Number

Where Number is the new limit for the DNS domain you are logged onto.

NOTE: MachineAccountQuota.bat uses Numeric.bat, MachineAccountQuota.bat contains:

@echo off
setlocal
if \{%1\}==\{\}  goto err
set work=%1
set work=%work:"=%
call Numeric %work% OK
if "%OK%" EQU "N" goto err
if "%work%" EQU "0" goto OK
if "%work:~0,1%" EQU "0" goto err
set /a Number=%work%
call :getDomainDNS>nul 2>&1
if "%dn%" EQU "NONE" goto err
call :putDomainDNS>nul 2>&1
endlocal
goto :EOF
:getDomainDNS
set dn=NONE
for /f "Tokens=1* Delims=:" %%a in ('adfind -default -f "objectClass=DomainDNS" -nodn -noctl distinguishedName^|find /i "distinguishedName"') do (
 set dn=%%b
)
if "%dn%" EQU "NONE" goto :EOF
set dn=%dn:~1%
goto :EOF
:putDomainDNS
admod -b %dn% "ms-DS-MachineAccountQuota::%Number%"
goto :EOF
:err
@echo Syntax: MachineAccountQuota Number
endlocal



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish