Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Remove a computer(Workstation) from the domain

Posted on 2004-10-26
Medium Priority
Last Modified: 2008-05-30
Whenever I disconnect a workstation from the network, I would like to have its name removed from the Computers OU in the Active Directory.
Is there a way to do that?
Question by:Chuckbuchan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2

Expert Comment

ID: 12411377
As far as Active directory is concerned, the answer is not readily. If you *really* wanted to, I suppose you could script unjoining the domain at logoff, but for 99.9% of people this would not make sense, nor would it guarantee that simply unplugging the machine from the network or power would remove the computer.

Why? The simple answer is nearly nobody would want to.  

Whether the computer is on or not (there's no way to distinguish between a computer which is off and one which is disconnected **) most organizations would like that computer to be part of their active directory, as AD can be used for setting up machine policies, software pushes etc...  ).

I'd have to go back to the idea of "why would you want to?"

The question suggests there may be something else that you're trying to accomplish, that there may be another approach which will work better.

** If your computer supports WOL, then there is some level of presence in the network card drawing power from the network. If the power is unplugged from the system though it still won't report its existence.

Expert Comment

ID: 12411749
Dear Chuckbuchan:

Could you please tell me first why you need to do this ??

Expert Comment

ID: 12414302
The administrator of the domain controller
can do that.

Go to start --> all programs --->administrative
tools ---> active directory users and computers

find the computer you want to remove in the OU
then right click the computer and click delete,
verifty that you want to delete it by clicking
yes, and that's it!

If you don't have the "active directory users and
computers" option in the menu, then do
the following:

From the administrator account on the active
directory server, click start ---> run

type in "mmc" then enter

click file ---> add/remove snap in

click ok, then follow the directions up above.


Fadi Ramada,
Network+, Security+
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 12422731
what you are suggesting is perfect if you want to erase the computer account from Active directory.
As far as I know, once the computer reboots...It will still believe it's part of the domain, but you'll have an error when trying to loggin into it because the computer account for this machine doesn't exist anymore. When that happens, you'll need to loggin with local admin account in that PC, and manually detach it from the domain. That's it by going to Computer\Properties\Computer Name and moving the computer to a workgroup and then you'll need to restart it.
Please correct me if I'm wrong...

There is a way to detach the computer (using a command) from the domain by running a Log Off script, using a command called "netdom" (I think it's part of the W2K Res. Kit).  It can only be done by a user part of the local admin group in that PC. One more thing: to make that computer part of the domain again, you 'll have to do it manually...and It can only be done by an user part (at least) of the Account Operators Group.

If you can give us some more information of why you want to do this....it would help.
Thx !



Author Comment

ID: 12422784
the reason I want that is first for inventory purposes. though I am using a third party software that shows all the computers on the network.
But there is another problem that came up. I can ping 02 computer with different names and they give me the same IP address.
I flushed DNS, Released the DHCP and it still gives me the same.


Expert Comment

ID: 12423014
Have you checked the DNS entries in your DNS Server for those two computers ?
They might have the same IP address there.
If they do, erase the wrong record...or even better: erase both of them and reboot those two computers so DNS records can be updated.

Have you tried pinging the ip address to bring the hostname ? IE :  ping -a xxx.xxx.xxx.xxx
If you get same results, you should also erase PTR records from DNS.

There is no way two computers can have the same IP address or name in the same network.

Accepted Solution

Rheiniluoma earned 750 total points
ID: 12423130
OK, this really isn't an Active Directory issue then. It's a DNS issue.

DNS, buy its nature is supposed to keep name-ip mappings around for a while. It does not normally have a mechanism to check for the presence/validity of the entry though (remember DNS was developed long before Active Directory or even reliable TCP/IP connections).

If you are using your DHCP and Active Directory integrated DNS zone to automatically register DNS entries for machines, then the only way to get this process o go faster, is to set your DNS to scavenge old records.

Now there is a caveat you need to be careful of. Scavenging old records can kill off some of your static entries.  If you're not running any static entries, then you'll be fine.

The question is how much overlap are you ready/willing to tolerate? If you're having a non-DHCP machine "register this connection's entry in DNS" then every time you boot the machine, it registers. DHCP the same every time you reboot or release/renew.

Scavenging, if enabled, runs on entries seven days or older.

If you have machines which are statically configured, and almost never reboot, then this is not necessarily the right solution for you.

Go into the DNS console and delete the invalid entry, and it'll be fixed up.

Expert Comment

ID: 12431168
Dear Chuckbuchan:

Another solution if you don't want to miss up with your DNS is to see which of the two machines is registered with the IP in the DHCP and change the NIC for the other machine.

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question