Click to open or copy the files for the MachAcct sample.
This sample illustrates how to create a machine account on the specified domain.
Machine account types are defined by the following flags:
This sample attempts to create a workstation machine account, of type UF_WORKSTATION_TRUST_ACCOUNT. This account type is used for workstations and non-DC servers which are domain members.
If the computer account creation fails with GetLastError == ERROR_ACCESS_DENIED, the sample attempts to enable the SeMachineAccountPrivilege for the caller. If the privilege is enabled successfully, the computer account add operation is re-tried.
Deleting machine accounts can be accomplished using the NetUserDel Windows NT Lan Manager API call.
Account update operations against a domain must be performed against the primary domain controller for the specified domain. This sample uses the NetGetDCName Windows NT Lan Manager API call to determine the computer name of the primary domain controller.
Commandline parameter argv[1] indicates the name of the account to create, which is typically the name of the machine.
Commandline parameter argv[2] is optional and indicates the target domain. If this commandline argument is omitted, the machine account is created on the local domain. It is recommended that you always supply a domain name in this sample, as this insures that the update occurs at the primary domain controller.
The following commandline creates a machine account named WINBASE in the domain named NTWKSTA:
machacct.exe WINBASE NTWKSTA
This sample uses the following keywords:
addmachineaccount; adjusttokenprivileges; closehandle; displayerror; formatmessagea; fprintf; freelibrary; getcurrentprocess; getlasterror; getstdhandle; loadlibraryex; localfree; lookupprivilegevalue; lstrlenw; makelangid; netapibufferfree; netgetdcname; netuseradd; openprocesstoken; setcurrentprivilege; setlasterror; text; towlower; towupper; wmain; writefile; zeromemory