Unjoining a computer from domain prompts for Operation to be encrypted

I am trying to unjoin computers from a domain using the attached script running from a domain server logged on as the domain administrator.  When I do I get the following error message:
Line 11
Char 1
Error: Client connection to WINMGMT needs to be encrypted for this operation.  Please adjust your IWbemServices proxy security settings and retry
Code: 80041087
Source: SWbemObjectEx

I have tried to run this against Windows XP clients to unjoin them.
Const NETSETUP_ACCT_DELETE = 4 'Disables computer account in domain (0x4 in lmjoin.h; 2 is NETSETUP_ACCT_CREATE).
strPassword = "testAdminPW"
strUser = "administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = "TEST6-xp"
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
 strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = "testdomain"
intReturn = objComputer.UnjoinDomainOrWorkgroup _
 (strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)

Asked by: BKRsupport
 
BKRsupport (Author) Commented:
This only deletes the account from AD, what I need to do is to have the computer remove itself from the domain and default to a local workgroup.  
I found that I can do this using Netdom.exe remove command, which works.  Thanks for your help.
 
RobSampson Commented:
Hi, see this article:
http://msdn.microsoft.com/en-us/library/aa393618(VS.85).aspx

You should be able to add
authenticationLevel=pktPrivacy}!

to your connection string...

Regards,

Rob.
 
BKRsupport (Author) Commented:
How would the authenticationLevel=pktPrivacy fit into the script and where do you provide the local username and password?
 
RobSampson Commented:
Try this.

Regards,

Rob.
Const NETSETUP_ACCT_DELETE = 4 'Disables computer account in domain (0x4 in lmjoin.h; 2 is NETSETUP_ACCT_CREATE).
strPassword = "testAdminPW"
strUser = "administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = "TEST6-xp"
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate,authenticationLevel=pktPrivacy}!\\" & _
 strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = "testdomain"
intReturn = objComputer.UnjoinDomainOrWorkgroup _
 (strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)
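
On the question above of where the connecting username and password go: the following is an added example, not code posted by anyone in this thread. It supplies the connection credentials through SWbemLocator.ConnectServer, sets packet privacy on the resulting proxy, and checks for error 80041087. The local Administrator account on the target and all host, domain and account names are assumptions.

```vbscript
Option Explicit
' Added example, not code from the thread. Host, domain and account names are
' placeholders. Run with cscript.exe; the typed passwords are echoed.
Const wbemImpersonationLevelImpersonate = 3
Const wbemAuthenticationLevelPktPrivacy = 6   ' encrypt every DCOM packet
Const NETSETUP_ACCT_DELETE = 4                ' lmjoin.h: disable the computer account
Const WBEM_E_ENCRYPTED_CONNECTION_REQUIRED = &H80041087

Dim strComputer, strConnectUser, strConnectPw, strDomainUser, strDomainPw
Dim objLocator, objServices, objComputer, intReturn

strComputer    = "TEST6-xp"
strConnectUser = strComputer & "\Administrator"    ' assumed local admin on the target
strDomainUser  = "testdomain\administrator"        ' domain account used for the unjoin

' Prompt instead of storing passwords in the script file.
Function ReadSecret(strPrompt)
    WScript.StdOut.Write strPrompt
    ReadSecret = WScript.StdIn.ReadLine
End Function

strConnectPw = ReadSecret("Password for " & strConnectUser & ": ")
strDomainPw  = ReadSecret("Password for " & strDomainUser & ": ")

' 1. The account that authenticates the WMI connection is given to ConnectServer.
Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objServices = objLocator.ConnectServer(strComputer, "root\cimv2", _
    strConnectUser, strConnectPw)

' 2. Require packet privacy on the proxy before any call that carries a password.
objServices.Security_.ImpersonationLevel = wbemImpersonationLevelImpersonate
objServices.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy

' 3. The domain account is passed to the method, now inside an encrypted call.
Set objComputer = objServices.Get("Win32_ComputerSystem.Name='" & strComputer & "'")
On Error Resume Next
intReturn = objComputer.UnjoinDomainOrWorkgroup(strDomainPw, strDomainUser, _
    NETSETUP_ACCT_DELETE)
If Err.Number = WBEM_E_ENCRYPTED_CONNECTION_REQUIRED Then
    WScript.Echo "Call was not encrypted (80041087); check AuthenticationLevel."
ElseIf Err.Number <> 0 Then
    WScript.Echo "WMI error 0x" & Hex(Err.Number) & ": " & Err.Description
ElseIf intReturn <> 0 Then
    WScript.Echo "UnjoinDomainOrWorkgroup failed, Win32 error " & intReturn
Else
    WScript.Echo strComputer & " unjoined; restart it to complete the change."
End If
On Error GoTo 0
```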

 
RobSampson Commented:
You may need to have strUser equal to YOURDOMAIN\Administrator

And, I'm not sure if the computer account actually *does* get disabled automatically.

If it doesn't, add this to the end of your script.

Regards,

Rob.
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
 
objCommand.CommandText = "SELECT adsPath FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='computer' AND CN='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
 
While Not objRecordSet.EOF
	Set objComputer = GetObject("LDAP://cn=atl-ws-01,cn=computers,dc=fabrikam,dc=com")
	objComputer.AccountDisabled = True
	objComputer.SetInfo
Wend
objRecordSet.Close
Set objRecordSet = Nothing

 
RobSampson Commented:
Oops, this should be the code for you to add.

Regards,

Rob.
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
 
objCommand.CommandText = "SELECT adsPath FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='computer' AND CN='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
 
While Not objRecordSet.EOF
	Set objComputer = GetObject(objRecordSet.Fields("adsPath").Value)
	objComputer.AccountDisabled = True
	objComputer.SetInfo
	objRecordSet.MoveNext
Wend
objRecordSet.Close
Set objRecordSet = Nothing
