' clonelg.vbt start ' CloneSecurityPrincipal VBScript ' ' Clone all Local Groups in a domain ' ' Copyright (C) 1999 Microsoft Corporation. // this is a Visual Basic Script "Template", used in conjunction with the // MS Visual C++ Preprocessor to overcome some of the source management // limitations of VBScript. Not perfect, but better than a stick in the eye. // // use cl /EP foo.vbt > foo.vbs to expand the template // this is all our common code. #include "clonepr.vbi" const SCRIPT_FILENAME = "clonelg.vbs" const SCRIPT_SOURCE_NAME = __FILE__ const SCRIPT_DATE = __DATE__ const SCRIPT_TIME = __TIME__ // code common to the scripts that operate on all domain accounts. We // supply our own definition of ShouldCloneObject. For every object for // which we return True, that object is cloned. #include "clonedom.vbi" Main wscript.quit(0) ' returns True if the object is a local group and is not well known group function ShouldCloneObject(byref srcObject) on error resume next if ObjectClass(srcObject) = CLASS_LOCAL_GROUP then ' determine if the group is a well known sid.SetAs ADS_SID_WINNT_PATH, srcObject.AdsPath & "," & srcObject.Class if Err.Number then DumpErrAndQuit dim sidString sidString = sid.GetAs(ADS_SID_SDDL) if Err.Number then DumpErrAndQuit 'To Stop Cloning Well Known Sids Uncomment 4 lines below ' if HasWellKnownRid(sidString) then ' ShouldCloneObject = False ' exit function ' end if if IsBuiltInSid( sidString ) then Echo srcObject.Name & " is a builtin Account." Echo "BuiltIn Users and Groups cannot be cloned" ShouldCloneObject = False exit function end if ShouldCloneObject = True exit function end if ShouldCloneObject = False end function ' clonelg.vbt end