Remove a computer (Workstation) from the domain

Whenever I disconnect a workstation from the network, I would like to have its name removed from the Computers OU in the Active Directory.
Is there a way to do that?
OK, this really isn't an Active Directory issue then. It's a DNS issue.

DNS, by its nature, is supposed to keep name-IP mappings around for a while. It does not normally have a mechanism to check for the presence/validity of the entry though (remember DNS was developed long before Active Directory or even reliable TCP/IP connections).

If you are using your DHCP and Active Directory integrated DNS zone to automatically register DNS entries for machines, then the only way to get this process to go faster is to set your DNS to scavenge old records.

Now there is a caveat you need to be careful of. Scavenging old records can kill off some of your static entries.  If you're not running any static entries, then you'll be fine.

The question is how much overlap are you ready/willing to tolerate? If you're having a non-DHCP machine "register this connection's entry in DNS" then every time you boot the machine, it registers. DHCP the same every time you reboot or release/renew.

Scavenging, if enabled, runs on entries seven days or older.

If you have machines which are statically configured, and almost never reboot, then this is not necessarily the right solution for you.

Go into the DNS console and delete the invalid entry, and it'll be fixed up.

As far as Active Directory is concerned, the answer is not readily. If you *really* wanted to, I suppose you could script unjoining the domain at logoff, but for 99.9% of people this would not make sense, nor would it guarantee that simply unplugging the machine from the network or power would remove the computer.

Why? The simple answer is nearly nobody would want to.  

Whether the computer is on or not (there's no way to distinguish between a computer which is off and one which is disconnected **), most organizations would like that computer to be part of their Active Directory, as AD can be used for setting up machine policies, software pushes, etc.

I'd have to go back to the idea of "why would you want to?"

The question suggests there may be something else that you're trying to accomplish, that there may be another approach which will work better.

** If your computer supports WOL, then there is some level of presence in the network card drawing power from the network. If the power is unplugged from the system though it still won't report its existence.
Dear Chuckbuchan:

Could you please tell me first why you need to do this?

The administrator of the domain controller
can do that.

Go to start --> all programs --->administrative
tools ---> active directory users and computers

find the computer you want to remove in the OU
then right click the computer and click delete,
verify that you want to delete it by clicking
yes, and that's it!

If you don't have the "active directory users and
computers" option in the menu, then do
the following:

From the administrator account on the active
directory server, click start ---> run

type in "mmc" then enter

click file ---> add/remove snap in

click ok, then follow the directions up above.


Fadi Ramada,
Network+, Security+
What you are suggesting is perfect if you want to erase the computer account from Active Directory.
As far as I know, once the computer reboots, it will still believe it's part of the domain, but you'll have an error when trying to log in to it because the computer account for this machine doesn't exist anymore. When that happens, you'll need to log in with a local admin account on that PC and manually detach it from the domain. That's done by going to Computer\Properties\Computer Name and moving the computer to a workgroup, and then you'll need to restart it.
Please correct me if I'm wrong...

There is a way to detach the computer (using a command) from the domain by running a logoff script, using a command called "netdom" (I think it's part of the W2K Res. Kit). It can only be done by a user who is part of the local admin group on that PC. One more thing: to make that computer part of the domain again, you'll have to do it manually... and it can only be done by a user who is part (at least) of the Account Operators group.

If you can give us some more information on why you want to do this, it would help.
Thx !


Chuckbuchan (Author) commented:
The reason I want that is first for inventory purposes, though I am using third-party software that shows all the computers on the network.
But there is another problem that came up. I can ping 2 computers with different names and they give me the same IP address.
I flushed DNS, released the DHCP lease, and it still gives me the same.

Have you checked the DNS entries in your DNS server for those two computers?
They might have the same IP address there.
If they do, erase the wrong record... or even better: erase both of them and reboot those two computers so the DNS records can be updated.

Have you tried pinging the IP address to bring up the hostname? I.e.: ping -a
If you get the same results, you should also erase the PTR records from DNS.

There is no way two computers can have the same IP address or name in the same network.
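
An added example, not part of the thread: a PowerShell function that does the DNS check suggested above in bulk. It groups A records by address and marks which registration is newest, which are at least the seven days old mentioned earlier in the thread, and which have no timestamp (static). The function name `Find-SharedAddress`, the zone name `corp.example` and the sample records are constructed for illustration.

```powershell
# Added example. Live input would come from the DnsServer module, e.g.:
#   Get-DnsServerResourceRecord -ZoneName 'corp.example' -RRType A |
#     Select-Object HostName, Timestamp,
#       @{ n = 'IPv4Address'; e = { $_.RecordData.IPv4Address.ToString() } }
# 'corp.example' is a placeholder zone name.

function Find-SharedAddress {
    param(
        [Parameter(Mandatory)] [object[]] $Record,
        [datetime] $Now = (Get-Date),
        [int] $StaleDays = 7    # record age quoted in the thread
    )
    $Record | Group-Object IPv4Address | Where-Object Count -gt 1 | ForEach-Object {
        # Among dynamically registered records, the newest timestamp is
        # the most likely current holder of the address.
        $newest = $_.Group | Where-Object { $_.Timestamp } |
            Sort-Object Timestamp -Descending | Select-Object -First 1
        foreach ($r in $_.Group) {
            $state = if (-not $r.Timestamp) { 'static (no timestamp)' }
                elseif ($r.HostName -eq $newest.HostName) { 'newest registration' }
                elseif (($Now - $r.Timestamp).TotalDays -ge $StaleDays) { 'stale' }
                else { 'older duplicate' }
            [pscustomobject]@{
                IPv4Address = $r.IPv4Address
                HostName    = $r.HostName
                Timestamp   = $r.Timestamp
                State       = $state
            }
        }
    }
}

# Constructed sample records (not taken from any real zone).
$now = Get-Date '2024-05-20'
$sample = @(
    [pscustomobject]@{ HostName = 'WS-014';  IPv4Address = '10.0.8.41'; Timestamp = $now.AddDays(-23) }
    [pscustomobject]@{ HostName = 'WS-102';  IPv4Address = '10.0.8.41'; Timestamp = $now.AddHours(-5) }
    [pscustomobject]@{ HostName = 'PRINT01'; IPv4Address = '10.0.8.41'; Timestamp = $null }
    [pscustomobject]@{ HostName = 'WS-033';  IPv4Address = '10.0.8.52'; Timestamp = $now.AddDays(-2) }
)

# Only 10.0.8.41 is reported; WS-033 holds its address alone.
Find-SharedAddress -Record $sample -Now $now | Format-Table -AutoSize
```
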
Dear Chuckbuchan:

Another solution, if you don't want to mess up your DNS, is to see which of the two machines is registered with the IP in the DHCP and change the NIC for the other machine.
Question has a verified solution.
