Solved

Remove Client from Domain

Posted on 2000-05-02
9
713 Views
Last Modified: 2013-12-23
I need to remove a number of NT Workstation 4 Machines from an NT Domain in a batch file.  I initially  assumed that Netdom.exe could do this (Netdom.exe /D:%USERDOMAIN% MEMBER %COMPUTERNAME% /DELETE) But it only removes the machine account from the Domain Controller and does not seem to do the necessary changes on the client.  Apart from that it does not allow yout to specify the Workgroup name that it is joining.  Registry changes/Service changes/Utilities required to do this within a STANDARD NT batch file (No WSH available on client).  Anybody who can get an answer to me within the next 24 Hours gets a juicy 1000 points.
0
Comment
Question by:benstock
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 2770833
This can be a real pain. I'll have to see if I have any info for you.
0
 
LVL 1

Expert Comment

by:Xces
ID: 2771045
You can modify the registy of the clients, I dont know how will work this but you can try, You can help with an utility that can modify automatically the registry, this is SMS installer and you can download of the microsoft site and the line of the registry is \Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon..make a script an run in each client...download the software and when you have post a comment to help you...if you want you can write to jmsantimi@hotmail.com
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 2771184
The easies way to do this is with sysdiff
You are going to do it manually for one station. doing a snapshot beofre, and a diff afterwards.
All the registry and file changes should show up.
You can then use the resulting Inf file to make batch changes in the registry.

You may have to make some changes to make it into a more standard Inf file or *.reg file.

I hope this helps.

--------------------------------
Server only      Included in the Windows NT Server, but not Workstation, Resource Kit.

Using this utility, you can pre-install applications as part of an automated setup, including applications that do not support scripted installation.

With SYSDIFF, you first create a "snapshot" of Windows NT Workstation after it has been installed on a reference computer. Then, you install the applications you want on the reference computer and create a difference file with information on the these applications. SYSDIFF enables you to view this difference file in a readable format. Finally, you apply the difference file to new installations on other computers, as part of an unattended setup or at any time after initial installation is complete.

If many applications must be installed, the difference file can become unmanageably large, as it contains the files and settings for all these applications. In this case, SYSDIFF enables you to create from the difference file an information (.INF) file containing only Registry and initialization (.INI) file directives. You can then use this information file to install the applications.

To create this separate .INF file, run SYSDIFF using the /inf switch. For documentation, see SYSDIFF.HLP.

A model information file, SYSDIFF.INF, is in the SUPPORT\DEPTOOLS\I386 folder on the Windows NT Workstation 4.0 or Windows NT Server 4.0 CD. SYSDIFF.INF is used to customize SYSDIFF while SYSDIFF is running. Do not use SYSDIFF.INF as a model for the kind of .INF file used to apply only Registry changes and .INI file changes.



Overview of Windows NT Resource Kit Tools version 4.00.03 © Microsoft Corporation 1985 - 1997
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 2

Expert Comment

by:pschwan
ID: 2771662
You may also want to try a simple program called PC Updater from LANovation (http://www.lanovation.com).  This program, in addition to capturing all those registry and file changes required, will dump them into a self-extracting executable.  I've used this many times for various troubleshooting issues and simplification of tasks like the one you're faced with.  I believe the trial version there will have the ability to do what you ask.  If not, I can send you an older version along with the Serial Number (I no longer use it).  The program can display various prompts before and after the installation.  You can build in safeguards to prevent it being run on the wrong OS, and you can set it to prompt for a reboot.  So if you were to, say, throw this into the script for the machines when they log in, it could make the necessary changes, prompt for a reboot, and poof!  they're off the domain.

Hope this helps you out.  Please do post whatever you do as I'm sure I'm not the only one interested in how you'll go about this:)

0
 
LVL 4

Author Comment

by:benstock
ID: 2772527
I tried Sysdiff myself and it exposed no clues, it seems that it is not simply a registry issue.  I modified the settings in the sysdiff.inf file to include just about every registry key with no joy.  I also try SMS installer with the same results.  For 1000 points I would like a complete answer by 17:00 GMT0. (I'll grade with an A any complete answer that comes in by then)
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 2773103
Only 1000 points ?!
One of the ways that crossed my mind is to remove clients from server manager to get them out of domain A, then programatically join them to domain B with NETDOM.
You can't make them a member of a new workgroup unless you visit each machine.
If you can knock up a domain controller, this will create domain B for you.
What's your overall aim here ?
Do they need to be in workgroups ?

This IS a registry issue, but the information you need is encoded into the SAM portion, which SYSDIFF doesn't scan (as it's locked).

I'll keep looking...

0
 

Expert Comment

by:RyanBlace
ID: 2774276
PERL SCRIPT

PERL has the WIN32 calls to handle everything you need.  Build the script and have it run using either the scheduler (can be started remotely and then schedule for 10 minutes from now) or via logon script.

0
 
LVL 9

Accepted Solution

by:
dlb6597 earned 1000 total points
ID: 2774973
I use netdom all the time from a batch file to remove machines from the domain:

NETDOM MEMBER \\name /JOINWORKGROUP workgroupname
0
 
LVL 4

Author Comment

by:benstock
ID: 2776476
Well it turns out that dlb6597 is right(dlb6597 Strange name, how did that come about).

RTFM (More carefully) I suppose.

TVM for everyone for their input.

Would have replied sooner but the server looked as if it was down (might as well give an A grade anyhow)

Regards

Ben
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question