移除无效的域控制器(ADDS)SCript(二) 我们上一篇介绍了使用命令行移除无效的域控制器(DC)操作,今天我们主要介绍使用VBS脚本来移除无效的域控制器,我们上一篇已经把DC2给删除了,所以我们为了测试,重新将一台服务器提升为域控制器,其实用脚本操作的过程是一样的,只是把操作过程写成了脚本而已;具体见下: ![](https://s4.51cto.com/images/blog/201801/16/abd9de35f34d5b1cc0ad4dc62410185a.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 我们首先查看Domain Controller列表 ![](https://s4.51cto.com/images/blog/201801/16/e0bb92f4af255b970d87ad992692c98f.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 我们准备好脚本 ``` REM ========================================================== REM GUI Metadata Cleanup Utility REM Version 2.5 REM ========================================================== REM This tool is furnished "AS IS". NO warranty is expressed or Implied. on error resume next dim objRoot,oDC,sPath,outval,oDCSelect,objConfiguration,objContainer,errval,ODCPath,ckdcPath,myObj,comparename rem =======This gets the name of the computer that the script is run on ====== Set sh = CreateObject("WScript.Shell") key= "HKEY_LOCAL_MACHINE" computerName = sh.RegRead(key & "\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName") rem === Get the default naming context of the domain==== set objRoot=GetObject("LDAP://RootDSE") sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext") rem === Get the list of domain controllers==== Set objConfiguration = GetObject(sPath) For Each objContainer in objConfiguration outval = outval & vbtab & objContainer.Name & VBCRLF Next outval = Replace(outval, "CN=", "") rem ==Retrieve the name of the broken DC from the user and verify it's not this DC.=== oDCSelect= InputBox (outval," Enter the computer name to be removed","") comparename = UCase(oDCSelect) if comparename = computerName then msgbox "The Domain Controller you entered is the machine that is running this script." & vbcrlf & _ "You cannot clean up the metadata for the machine that is running the script!",,"Metadata Cleanup Utility Error." wscript.quit End If sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext") Set objConfiguration = GetObject(sPath) For Each objContainer in objConfiguration Err.Clear ckdcPath = "LDAP://" & "CN=" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext") set myObj=GetObject(ckdcPath) If err.number <>0 Then errval= 1 End If Next If errval = 1 then msgbox "The Domain Controller you entered was not found in the Active Directory",,"Metadata Cleanup Utility Error." wscript.quit End If abort = msgbox ("You are about to remove all metadata for the server " & oDCSelect & "! Are you sure?",4404,"WARNING!!") if abort <> 6 then msgbox "Metadata Cleanup Aborted.",,"Metadata Cleanup Utility Error." wscript.quit end if oDCSelect = "CN=" & oDCSelect ODCPath ="LDAP://" & oDCselect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext") sSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext") Set objConfiguration = GetObject(sSitelist) For Each objContainer in objConfiguration Err.Clear sitePath = "LDAP://" & oDCSelect & ",CN=Servers," & objContainer.Name & ",CN=Sites,CN=Configuration," & _ objRoot.Get("defaultNamingContext") set myObj=GetObject(sitePath) If err.number = 0 Then siteval = sitePath End If Next sFRSSysvolList = "LDAP://CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _ objRoot.Get("defaultNamingContext") Set objConfiguration = GetObject(sFRSSysvolList) For Each objContainer in objConfiguration Err.Clear SYSVOLPath = "LDAP://" & oDCSelect & ",CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _ objRoot.Get("defaultNamingContext") set myObj=GetObject(SYSVOLPath) If err.number = 0 Then SYSVOLval = SYSVOLPath End If Next SiteList = Replace(sSitelist, "LDAP://", "") VarSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext") Set SiteConfiguration = GetObject(VarSitelist) For Each SiteContainer in SiteConfiguration Sitevar = SiteContainer.Name VarPath ="LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext") Set DCConfiguration = GetObject(VarPath) For Each DomContainer in DCConfiguration DCVar = DomContainer.Name strFromServer = "" NTDSPATH = DCVar & ",CN=Servers," & SiteVar & "," & SiteList GuidPath = "LDAP://CN=NTDS Settings,"& NTDSPATH Set objCheck = GetObject(NTDSPATH) For Each CheckContainer in objCheck rem ====check for valid site paths ======================= ldapntdspath = "LDAP://" & NTDSPATH Err.Clear set exists=GetObject(ldapntdspath) If err.number = 0 Then Set oGuidGet = GetObject(GuidPath) For Each objContainer in oGuidGet oGuid = objContainer.Name oGuidPath = "LDAP://" & oGuid & ",CN=NTDS Settings," & NTDSPATH Set objSitelink = GetObject(oGuidPath) objSiteLink.GetInfo strFromServer = objSiteLink.Get("fromServer") ispresent = Instr(1,strFromServer,oDCSelect,1) if ispresent <> 0 then Set objReplLinkVal = GetObject(oGuidPath) objReplLinkVal.DeleteObject(0) end if next sitedelval = "CN=" & comparename & ",CN=Servers," & SiteVar & "," & SiteList if sitedelval = ntdspath then Set objguidpath = GetObject(guidpath) objguidpath.DeleteObject(0) Set objntdspath = GetObject(ldapntdspath) objntdspath.DeleteObject(0) end if End If next next next Set AccountObject = GetObject(ckdcPath) temp=Accountobject.Get ("userAccountControl") AccountObject.Put "userAccountControl", "4096" AccountObject.SetInfo Set objFRSSysvol = GetObject(SYSVOLval) objFRSSysvol.DeleteObject(0) Set objComputer = GetObject(ckdcPath) objComputer.DeleteObject(0) Set objConfig = GetObject(siteval) objConfig.DeleteObject(0) oDCSelect = Replace(oDCSelect, "CN=", "") msgval = "Metadata Cleanup Completed for " & oDCSelect msgbox msgval,,"Notice." wscript.quit ``` 保存好脚本的扩展名为.vbs,然后保存在DC上,我们双击打开,会显示我们当前环境内所有的DC的hostname ![](https://s4.51cto.com/images/blog/201801/16/de41a16275c594a7ea5d81b90505f67e.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 因为我们要删除AO2,所以我们输入AO2名称,确认即可 ![](https://s4.51cto.com/images/blog/201801/16/b1f77488b22f0b0fa1ef291c64e8fcd7.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 如果我们输入的名称在AD中不存在就会提示一下信息 ![](https://s4.51cto.com/images/blog/201801/16/07eb16607e6c8e14265c7e09adfb6b82.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 提示确认AO2是否需要删除,确认即可 ![](https://s4.51cto.com/images/blog/201801/16/84879b888d8b1e5c0f21a57491a978c8.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 删除完成 ![](https://s4.51cto.com/images/blog/201801/16/ef01d691f91521003023024c0eefb3d5.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 删除后,我们还是同样需要检查DNS、Sites中的遗留信息,具体可以参考上一篇文章中的介绍。 注:对于上面的脚本,我已上传到了blog中,请通过以下链接进行下载; http://down.51cto.com/data/2388307