Solved

Unjoining a computer from domain prompts for Operation to be encrypted

Posted on 2008-11-11
Last Modified: 2012-05-05
I am trying to unjoin computers from a domain using the attached script running from a domain server logged on as the domain administrator.  When I do I get the following error message:
Line 11
Char 1
Error: Client connection to WINMGMT needs to be encrypted for this operation.  Please adjust your IWbemServices proxy security settings and retry
Code: 80041087
Source: SWbemObjectEx

I have tried to run this against Windows XP clients to unjoin them.
Const NETSETUP_ACCT_DELETE = 2 'Disables computer account in domain.
strPassword = "testAdminPW"
strUser = "administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = "TEST6-xp"
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
 strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = "testdomain"
intReturn = objComputer.UnjoinDomainOrWorkgroup _
 (strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)

Question by:BKRsupport
6 Comments
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 2000 total points
ID: 22943568
Hi, see this article:
http://msdn.microsoft.com/en-us/library/aa393618(VS.85).aspx

You should be able to add
authenticationLevel=pktPrivacy}!

to your connection string...

Regards,

Rob.
0
 
LVL 1

Author Comment

by:BKRsupport
ID: 22952342
How would the authenticationLevel=pktPrivacy fit into the script and where do you provide the local username and password?
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 22955773
Try this.

Regards,

Rob.
Const NETSETUP_ACCT_DELETE = 2 'Disables computer account in domain.
strPassword = "testAdminPW"
strUser = "administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = "TEST6-xp"
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate,authenticationLevel=pktPrivacy}!\\" & _
 strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = "testdomain"
intReturn = objComputer.UnjoinDomainOrWorkgroup _
 (strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)


0
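
An added example, not part of the original thread: the same unjoin call made through SWbemLocator, which shows where explicit credentials go and sets packet privacy through the Security_ object instead of the moniker string. It also checks the method's return code and the 80041087 error from the question. The computer, domain and account names are the thread's test values; the password prompt is an addition here.

```vbscript
Option Explicit
' Added example. Computer, domain and account names are the thread's test values.
Const NETSETUP_ACCT_DELETE = 2                 ' disable the computer account in the domain
Const wbemImpersonationLevelImpersonate = 3
Const wbemAuthenticationLevelPktPrivacy = 6    ' RPC packet privacy: call data is encrypted
Const WBEM_E_ENCRYPTED_CONNECTION_REQUIRED = &H80041087

Dim strComputer, strAccount, strPassword
Dim objLocator, objService, objComputer, intReturn
strComputer = "TEST6-xp"
strAccount = "testdomain\administrator"

' Prompt instead of hardcoding the password (run under cscript.exe; input is echoed).
WScript.StdOut.Write "Password for " & strAccount & ": "
strPassword = WScript.StdIn.ReadLine

Set objLocator = CreateObject("WbemScripting.SWbemLocator")
On Error Resume Next
' ConnectServer takes the credentials used for the remote WMI connection.
Set objService = objLocator.ConnectServer(strComputer, "root\cimv2", strAccount, strPassword)
If Err.Number <> 0 Then
    WScript.Echo "Connect failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If

' Set before Get so the method call below is made at packet privacy.
objService.Security_.ImpersonationLevel = wbemImpersonationLevelImpersonate
objService.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy

Set objComputer = objService.Get("Win32_ComputerSystem.Name='" & strComputer & "'")
If Err.Number <> 0 Then
    WScript.Echo "Get failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If

' The password travels as a method argument, which is why WMI insists on encryption.
intReturn = objComputer.UnjoinDomainOrWorkgroup(strPassword, strAccount, NETSETUP_ACCT_DELETE)
If Err.Number = WBEM_E_ENCRYPTED_CONNECTION_REQUIRED Then
    WScript.Echo "Connection is not at pktPrivacy; check the Security_ settings."
ElseIf Err.Number <> 0 Then
    WScript.Echo "Call failed: 0x" & Hex(Err.Number) & " " & Err.Description
ElseIf intReturn <> 0 Then
    WScript.Echo "Unjoin returned Win32 error " & intReturn
Else
    WScript.Echo strComputer & " unjoined; restart the client to complete the change."
End If
```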

 
LVL 65

Expert Comment

by:RobSampson
ID: 22956208
You may need to have strUser equal to YOURDOMAIN\Administrator

And, I'm not sure if the computer account actually *does* get disabled automatically.

If it doesn't, add this to the end of your script.

Regards,

Rob.
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
 
objCommand.CommandText = "SELECT adsPath FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='computer' AND CN='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
 
While Not objRecordSet.EOF
	Set objComputer = GetObject("LDAP://cn=atl-ws-01,cn=computers,dc=fabrikam,dc=com")
	objComputer.AccountDisabled = True
	objComputer.SetInfo
Wend
objRecordSet.Close
Set objRecordSet = Nothing


0
 
LVL 65

Expert Comment

by:RobSampson
ID: 22956220
Oops, this should be the code for you to add.

Regards,

Rob.
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
 
objCommand.CommandText = "SELECT adsPath FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='computer' AND CN='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
 
While Not objRecordSet.EOF
	Set objComputer = GetObject(objRecordSet.Fields("adsPath").Value)
	objComputer.AccountDisabled = True
	objComputer.SetInfo
	objRecordSet.MoveNext
Wend
objRecordSet.Close
Set objRecordSet = Nothing


0
 
LVL 1

Accepted Solution

by:
BKRsupport earned 0 total points
ID: 22958716
This only deletes the account from AD; what I need to do is to have the computer remove itself from the domain and default to a local workgroup.
I found that I can do this using the Netdom.exe remove command, which works. Thanks for your help.
0
