You can use some tools to add Active Directory interaction into your batch scripts. DS tools come with the admin pack from Microsoft for Windows XP or Windows Server 2003. You can use dsquery to retrieve information from the AD or use dsmod to adjust settings related to an OU, user, or computer account.
Additionally, there is:
dsadd
dsget
dsmove
dsrm
I use dsmod to change the password for a bunch of machines per unit and dsquery to find the list of machines that I want to update.
dsquery computer -name LIBPUB* > list.txt
dsmod user "CN=PUBLIC Logon MachineName, OU=PUB,OU=Public Computers,OU=Library,DC=ad,DC=institution,DC=edu" -pwd P@$$w0rd
You can use a For loop to run through all the machines listed in list.txt:
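FOR /F "delims=" %%A IN (list.txt) DO ( [command] )
@REM %%A is the loop variable that holds the value of each row of list.txt. "delims=" keeps the whole row, since the default delimiters would cut it at the first space. %%A can be referenced inside [command], for example in place of MachineName if the machine names match the list.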
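The steps above combined into one batch file, as an added example rather than the author's own script. It assumes each machine's logon account is named "PUBLIC Logon <MachineName>" in the OU from the dsmod line; the file names and variable names are illustrative.

```batch
@echo off
setlocal EnableExtensions DisableDelayedExpansion
REM Added example: reset the password of each per-machine public logon account.
REM Assumed: the account for each machine is "CN=PUBLIC Logon <MachineName>"
REM under the OU shown on this page; adjust BASE and PREFIX for your directory.
set "BASE=OU=PUB,OU=Public Computers,OU=Library,DC=ad,DC=institution,DC=edu"
set "PREFIX=PUBLIC Logon "
set "LIST=%TEMP%\libpub-machines.txt"
set "LOG=%~dp0dsmod-failures.log"

REM -o rdn returns only the quoted computer name instead of the full DN.
REM -limit 0 lifts the default cap on the number of results returned.
dsquery computer -name LIBPUB* -o rdn -limit 0 > "%LIST%"
if errorlevel 1 (
    echo dsquery failed; nothing changed.
    exit /b 1
)

REM Prompt at run time so the password is never stored in the script file.
REM Note: set /p echoes what is typed.
set /p "NEWPWD=New password for the public logon accounts: "
if not defined NEWPWD (
    echo No password entered; nothing changed.
    exit /b 1
)

set /a FAILED=0
REM "delims=" keeps the whole line; %%~A strips the quotes dsquery adds.
for /f "usebackq delims=" %%A in ("%LIST%") do (
    dsmod user "CN=%PREFIX%%%~A,%BASE%" -pwd "%NEWPWD%" -q
    if errorlevel 1 (
        >> "%LOG%" echo %%~A
        set /a FAILED+=1
    )
)

REM Clear the password variable and remove the temporary list.
set "NEWPWD="
del "%LIST%" 2>nul
echo Done. Failures: %FAILED% - see "%LOG%" if not zero.
exit /b %FAILED%
```

dsmod user also accepts `-pwd *`, which makes dsmod prompt for the password itself, at the cost of one prompt per account.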