Solved

Remove Computer Account from the domain problems

Posted on 2009-04-07
15
837 Views
Last Modified: 2012-08-13
I am trying to remove a computer account from the domain, but for whatever reason when I try to run even a simple 3 line computer removal script I get the attached error.

What can I do to get this to work? Why would I not be able to set the value of objComputer?


strComputer = "EBTESTVM2003"
 
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=Test,CN=Servers,DC=Domain,DC=com")
 
objComputer.DeleteObject (0)

Open in new window

error.bmp
0
Comment
Question by:mlptechnical
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 5

Expert Comment

by:Stappmeyer
ID: 24092765
Check your LDAP context.  I am guessing you created the OUs "Test" and "Servers".  
The context is likely to be "ou=Test,ou=Servers,DC=Domain,DC=com"

The CN=Users and CN=Computers containers are computer-protected objects. For backward compatibility reasons.  (This is why the have the CN= designation.)

Steve
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24092831
You are missing the underscore after &
see bekow
set objComputer = GetObject("LDAP://CN=" & strComputer & _
    ",CN=Test,CN=Servers,DC=Domain,DC=com")

Open in new window

0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24092835
Ooops ignore above entry
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 18

Expert Comment

by:Americom
ID: 24094142
There's nothing wrong on your script. Double check on your your OU path and make sure there is a computer account object in the "Test" OU and this OU is under the "Servers" OU and so on.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24096885
Use this script to get/verify you are using correct LDAP path for the computer object in your original script.

'replace with the computer account with $ on the end
Public Const ADS_NAME_INITTYPE_GC = 3
Public Const ADS_NAME_TYPE_1779 = 1
Public const ADS_NAME_TYPE_NT4 = 3
 
sSAMAccountName = "domain\computername$"
 
Set oNTr = WScript.CreateObject("NameTranslate")
oNTr.Init ADS_NAME_INITTYPE_GC, ""
oNTr.Set ADS_NAME_TYPE_NT4, sSAMAccountName
GetDNFromSAM = oNTr.Get(ADS_NAME_TYPE_1779)
 
Set oUser = GetObject("GC://" & GetDNFromSAM)
sUserContainerDN = Replace(lcase(oUser.distinguishedName), lcase("cn=" & oUser.cn) & ",", "")
WScript.Echo sUserContainerDN 

Open in new window

0
 

Author Comment

by:mlptechnical
ID: 24097653
All,

That path I gave is just a test path. I have a real script that runs that looks up the computer name and returns the full path. The path that it is currently trying to use is:

LDAP://10.6.24.221/CN=TESTEB04,OU=Production,OU=Desktops,OU=MLPComputers,DC=DallasMlp,DC=COM

i am not manually entering this into the script, but i am using this command to set the object:

Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)

It fails no matter which computer I use, it fails if i try and set it manually or automatically, and I am having lots of issues with it


0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24099643
Can u post your script...it will be easier to troublshoot
0
 

Author Comment

by:mlptechnical
ID: 24099672

Set objNetwork = CreateObject("WScript.Network") 
strComputer = objNetwork.ComputerName 
 
if isComputerAccountExists(strComputer) = true then
	msgbox(strComputer & " Is on the Domain")
	DeleteComputer(strComputer)
else
	msgbox(strComputer & " Is not on the Domain")
end if
 
 
Function DeleteComputer(ComputerName)
	Const ADS_SCOPE_SUBTREE = 2
	
	Set objConnection = CreateObject("ADODB.Connection")
	Set objCommand =   CreateObject("ADODB.Command")
	objConnection.Provider = "ADsDSOObject"
	objConnection.open "active directory provider", "DallasMLP\username", "password"
	
	Set objCommand.ActiveConnection = objConnection
	objCommand.Properties("Page Size") = 1000
	objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
	
	objCommand.CommandText = "SELECT ADsPath FROM 'LDAP://192.168.5.221/dc=DallasMLP,dc=com' WHERE objectCategory='computer' " & "AND name='" & ComputerName & "'"
	Set objRecordSet = objCommand.Execute
	
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strADsPath = objRecordSet.Fields("ADsPath").Value
		
		Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)
		
		msgbox(strADsPath)
		msgbox("delete")
		strADsPath.DeleteObject (0)
		Wscript.Echo "The Computer Account has been deleted."
		
		objRecordSet.MoveNext
			
	Loop
	End Function 
 
 
 
Function isComputerAccountExists(host)
	Dim conn, cmd , rs
	Set conn = CreateObject("ADODB.Connection")
	Set cmd = CreateObject("ADODB.Command")
 
	conn.provider = "adsdsoobject"
	conn.open "active directory provider", "DallasMLP\username", "password"
	cmd.activeconnection = conn
	cmd.commandtext = "<LDAP://192.168.5.221/dc=DallasMLP,dc=com>;" & "(&(objectcategory=computer)(objectclass=computer)(cn=" & host & "));cn;subtree"
 
	Set rs = cmd.Execute
 
	If rs.recordcount = 0 Then
	isComputerAccountExists = False
	Else
	isComputerAccountExists = True
	End If
 
	Set rs = Nothing
	Set cmd = Nothing
	Set conn = Nothing
		End Function 

Open in new window

0
 

Author Comment

by:mlptechnical
ID: 24108739
Any updates? The problem still boils down to the fact that for whatever reason, objComputer can't get the value assigned to it.

Please Help!
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24109391
Ran with line below and it worked fine...Are u runnning the first script u posted on a DC or from a client PC
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=computers,DC=mydomain,DC=us,DC=com")
0
 

Author Comment

by:mlptechnical
ID: 24109668
From a client computer that isn't joined to the domain. But it does connect and pass admin credintials.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24109787
FYI....i ran the first script on a DC.
Have you tried running it on a PC on the domain? just to eliminate syntax vs accesscontrol issues
0
 

Author Comment

by:mlptechnical
ID: 24110109
Yup, i even tried that simple three line one on the domain and that still didn't work.
0
 

Author Comment

by:mlptechnical
ID: 24110168
does it make a difference if the OS is running server 2008 or not?
0
 
LVL 14

Accepted Solution

by:
BigBadWolf_000 earned 500 total points
ID: 24110538
Hmmmm it may. I tested on 2003 domain...don't have 2008 domain to test on..
Try this script...

http://groups.google.com/group/microsoft.public.adsi.general/browse_thread/thread/419098cbfb3b7f55/cd52d33f0a597f3b
 
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question