Solved

Remove Computer Account from the domain problems

Posted on 2009-04-07
15
834 Views
Last Modified: 2012-08-13
I am trying to remove a computer account from the domain, but for whatever reason when I try to run even a simple 3 line computer removal script I get the attached error.

What can I do to get this to work? Why would I not be able to set the value of objComputer?


strComputer = "EBTESTVM2003"
 
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=Test,CN=Servers,DC=Domain,DC=com")
 
objComputer.DeleteObject (0)

Open in new window

error.bmp
0
Comment
Question by:mlptechnical
15 Comments
 
LVL 5

Expert Comment

by:Stappmeyer
ID: 24092765
Check your LDAP context.  I am guessing you created the OUs "Test" and "Servers".  
The context is likely to be "ou=Test,ou=Servers,DC=Domain,DC=com"

The CN=Users and CN=Computers containers are computer-protected objects. For backward compatibility reasons.  (This is why the have the CN= designation.)

Steve
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24092831
You are missing the underscore after &
see bekow
set objComputer = GetObject("LDAP://CN=" & strComputer & _
    ",CN=Test,CN=Servers,DC=Domain,DC=com")

Open in new window

0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24092835
Ooops ignore above entry
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 18

Expert Comment

by:Americom
ID: 24094142
There's nothing wrong on your script. Double check on your your OU path and make sure there is a computer account object in the "Test" OU and this OU is under the "Servers" OU and so on.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24096885
Use this script to get/verify you are using correct LDAP path for the computer object in your original script.

'replace with the computer account with $ on the end
Public Const ADS_NAME_INITTYPE_GC = 3
Public Const ADS_NAME_TYPE_1779 = 1
Public const ADS_NAME_TYPE_NT4 = 3
 
sSAMAccountName = "domain\computername$"
 
Set oNTr = WScript.CreateObject("NameTranslate")
oNTr.Init ADS_NAME_INITTYPE_GC, ""
oNTr.Set ADS_NAME_TYPE_NT4, sSAMAccountName
GetDNFromSAM = oNTr.Get(ADS_NAME_TYPE_1779)
 
Set oUser = GetObject("GC://" & GetDNFromSAM)
sUserContainerDN = Replace(lcase(oUser.distinguishedName), lcase("cn=" & oUser.cn) & ",", "")
WScript.Echo sUserContainerDN 

Open in new window

0
 

Author Comment

by:mlptechnical
ID: 24097653
All,

That path I gave is just a test path. I have a real script that runs that looks up the computer name and returns the full path. The path that it is currently trying to use is:

LDAP://10.6.24.221/CN=TESTEB04,OU=Production,OU=Desktops,OU=MLPComputers,DC=DallasMlp,DC=COM

i am not manually entering this into the script, but i am using this command to set the object:

Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)

It fails no matter which computer I use, it fails if i try and set it manually or automatically, and I am having lots of issues with it


0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24099643
Can u post your script...it will be easier to troublshoot
0
 

Author Comment

by:mlptechnical
ID: 24099672

Set objNetwork = CreateObject("WScript.Network") 
strComputer = objNetwork.ComputerName 
 
if isComputerAccountExists(strComputer) = true then
	msgbox(strComputer & " Is on the Domain")
	DeleteComputer(strComputer)
else
	msgbox(strComputer & " Is not on the Domain")
end if
 
 
Function DeleteComputer(ComputerName)
	Const ADS_SCOPE_SUBTREE = 2
	
	Set objConnection = CreateObject("ADODB.Connection")
	Set objCommand =   CreateObject("ADODB.Command")
	objConnection.Provider = "ADsDSOObject"
	objConnection.open "active directory provider", "DallasMLP\username", "password"
	
	Set objCommand.ActiveConnection = objConnection
	objCommand.Properties("Page Size") = 1000
	objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
	
	objCommand.CommandText = "SELECT ADsPath FROM 'LDAP://192.168.5.221/dc=DallasMLP,dc=com' WHERE objectCategory='computer' " & "AND name='" & ComputerName & "'"
	Set objRecordSet = objCommand.Execute
	
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strADsPath = objRecordSet.Fields("ADsPath").Value
		
		Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)
		
		msgbox(strADsPath)
		msgbox("delete")
		strADsPath.DeleteObject (0)
		Wscript.Echo "The Computer Account has been deleted."
		
		objRecordSet.MoveNext
			
	Loop
	End Function 
 
 
 
Function isComputerAccountExists(host)
	Dim conn, cmd , rs
	Set conn = CreateObject("ADODB.Connection")
	Set cmd = CreateObject("ADODB.Command")
 
	conn.provider = "adsdsoobject"
	conn.open "active directory provider", "DallasMLP\username", "password"
	cmd.activeconnection = conn
	cmd.commandtext = "<LDAP://192.168.5.221/dc=DallasMLP,dc=com>;" & "(&(objectcategory=computer)(objectclass=computer)(cn=" & host & "));cn;subtree"
 
	Set rs = cmd.Execute
 
	If rs.recordcount = 0 Then
	isComputerAccountExists = False
	Else
	isComputerAccountExists = True
	End If
 
	Set rs = Nothing
	Set cmd = Nothing
	Set conn = Nothing
		End Function 

Open in new window

0
 

Author Comment

by:mlptechnical
ID: 24108739
Any updates? The problem still boils down to the fact that for whatever reason, objComputer can't get the value assigned to it.

Please Help!
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24109391
Ran with line below and it worked fine...Are u runnning the first script u posted on a DC or from a client PC
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=computers,DC=mydomain,DC=us,DC=com")
0
 

Author Comment

by:mlptechnical
ID: 24109668
From a client computer that isn't joined to the domain. But it does connect and pass admin credintials.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24109787
FYI....i ran the first script on a DC.
Have you tried running it on a PC on the domain? just to eliminate syntax vs accesscontrol issues
0
 

Author Comment

by:mlptechnical
ID: 24110109
Yup, i even tried that simple three line one on the domain and that still didn't work.
0
 

Author Comment

by:mlptechnical
ID: 24110168
does it make a difference if the OS is running server 2008 or not?
0
 
LVL 14

Accepted Solution

by:
BigBadWolf_000 earned 500 total points
ID: 24110538
Hmmmm it may. I tested on 2003 domain...don't have 2008 domain to test on..
Try this script...

http://groups.google.com/group/microsoft.public.adsi.general/browse_thread/thread/419098cbfb3b7f55/cd52d33f0a597f3b
 
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question