BKRsupport
asked on
Unjoining a computer from domain prompts for Operation to be encrypted
I am trying to unjoin computers from a domain using the attached script running from a domain server logged on as the domain administrator. When I do I get the following error message:
Line 11
Char 1
Error: Client connection to WINMGMT needs to be encrypted for this operation. Please adjust your IWbemServices proxy security settings and retry
Code: 80041087
Source: SWbemObjectEx
I have tried to run this aganist Windows XP clients to unjoin them.
Line 11
Char 1
Error: Client connection to WINMGMT needs to be encrypted for this operation. Please adjust your IWbemServices proxy security settings and retry
Code: 80041087
Source: SWbemObjectEx
I have tried to run this aganist Windows XP clients to unjoin them.
Const NETSETUP_ACCT_DELETE = 2 'Disables computer account in domain.
strPassword = "testAdminPW"
strUser = "administrator"
Set objNetwork = CreateObject("WScript.Network")
strComputer = "TEST6-xp"
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = "testdomain"
intReturn = objComputer.UnjoinDomainOrWorkgroup _
(strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try this.
Regards,
Rob.
Regards,
Rob.
Const NETSETUP_ACCT_DELETE = 2 'Disables computer account in domain.
strPassword = "testAdminPW"
strUser = "administrator"
Set objNetwork = CreateObject("WScript.Network")
strComputer = "TEST6-xp"
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate,authenticationLevel=pktPrivacy}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = "testdomain"
intReturn = objComputer.UnjoinDomainOrWorkgroup _
(strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)
You may need to have strUser equal to YOURDOMAIN\Administrator
And, I'm not sure if the computer account actually *does* get disabled automatically.
If it doesn't, add this to the end of your script.
Regards,
Rob.
And, I'm not sure if the computer account actually *does* get disabled automatically.
If it doesn't, add this to the end of your script.
Regards,
Rob.
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
objCommand.CommandText = "SELECT adsPath FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='computer' AND CN='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
Set objComputer = GetObject("LDAP://cn=atl-ws-01,cn=computers,dc=fabrikam,dc=com")
objComputer.AccountDisabled = True
objComputer.SetInfo
Wend
objRecordSet.Close
Set objRecordSet = Nothing
Oops, this should be the code for you to add.
Regards,
Rob.
Regards,
Rob.
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
objCommand.CommandText = "SELECT adsPath FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='computer' AND CN='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
Set objComputer = GetObject(objRecordSet.Fields("adsPath").Value)
objComputer.AccountDisabled = True
objComputer.SetInfo
objRecordSet.MoveNext
Wend
objRecordSet.Close
Set objRecordSet = Nothing
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER