Solved

Remove Computer Account from the domain problems

Posted on 2009-04-07
15
832 Views
Last Modified: 2012-08-13
I am trying to remove a computer account from the domain, but for whatever reason when I try to run even a simple 3 line computer removal script I get the attached error.

What can I do to get this to work? Why would I not be able to set the value of objComputer?


strComputer = "EBTESTVM2003"
 

set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=Test,CN=Servers,DC=Domain,DC=com")
 

objComputer.DeleteObject (0)

Open in new window

error.bmp
0
Comment
Question by:mlptechnical
15 Comments
 
LVL 5

Expert Comment

by:Stappmeyer
Comment Utility
Check your LDAP context.  I am guessing you created the OUs "Test" and "Servers".  
The context is likely to be "ou=Test,ou=Servers,DC=Domain,DC=com"

The CN=Users and CN=Computers containers are computer-protected objects. For backward compatibility reasons.  (This is why the have the CN= designation.)

Steve
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
Comment Utility
You are missing the underscore after &
see bekow
set objComputer = GetObject("LDAP://CN=" & strComputer & _

    ",CN=Test,CN=Servers,DC=Domain,DC=com")

Open in new window

0
 
LVL 14

Expert Comment

by:BigBadWolf_000
Comment Utility
Ooops ignore above entry
0
 
LVL 18

Expert Comment

by:Americom
Comment Utility
There's nothing wrong on your script. Double check on your your OU path and make sure there is a computer account object in the "Test" OU and this OU is under the "Servers" OU and so on.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
Comment Utility
Use this script to get/verify you are using correct LDAP path for the computer object in your original script.

'replace with the computer account with $ on the end
Public Const ADS_NAME_INITTYPE_GC = 3

Public Const ADS_NAME_TYPE_1779 = 1

Public const ADS_NAME_TYPE_NT4 = 3
 

sSAMAccountName = "domain\computername$"
 

Set oNTr = WScript.CreateObject("NameTranslate")

oNTr.Init ADS_NAME_INITTYPE_GC, ""

oNTr.Set ADS_NAME_TYPE_NT4, sSAMAccountName

GetDNFromSAM = oNTr.Get(ADS_NAME_TYPE_1779)
 

Set oUser = GetObject("GC://" & GetDNFromSAM)

sUserContainerDN = Replace(lcase(oUser.distinguishedName), lcase("cn=" & oUser.cn) & ",", "")

WScript.Echo sUserContainerDN 

Open in new window

0
 

Author Comment

by:mlptechnical
Comment Utility
All,

That path I gave is just a test path. I have a real script that runs that looks up the computer name and returns the full path. The path that it is currently trying to use is:

LDAP://10.6.24.221/CN=TESTEB04,OU=Production,OU=Desktops,OU=MLPComputers,DC=DallasMlp,DC=COM

i am not manually entering this into the script, but i am using this command to set the object:

Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)

It fails no matter which computer I use, it fails if i try and set it manually or automatically, and I am having lots of issues with it


0
 
LVL 14

Expert Comment

by:BigBadWolf_000
Comment Utility
Can u post your script...it will be easier to troublshoot
0
Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

 

Author Comment

by:mlptechnical
Comment Utility

Set objNetwork = CreateObject("WScript.Network") 

strComputer = objNetwork.ComputerName 
 

if isComputerAccountExists(strComputer) = true then

	msgbox(strComputer & " Is on the Domain")

	DeleteComputer(strComputer)

else

	msgbox(strComputer & " Is not on the Domain")

end if
 
 

Function DeleteComputer(ComputerName)

	Const ADS_SCOPE_SUBTREE = 2

	

	Set objConnection = CreateObject("ADODB.Connection")

	Set objCommand =   CreateObject("ADODB.Command")

	objConnection.Provider = "ADsDSOObject"

	objConnection.open "active directory provider", "DallasMLP\username", "password"

	

	Set objCommand.ActiveConnection = objConnection

	objCommand.Properties("Page Size") = 1000

	objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

	

	objCommand.CommandText = "SELECT ADsPath FROM 'LDAP://192.168.5.221/dc=DallasMLP,dc=com' WHERE objectCategory='computer' " & "AND name='" & ComputerName & "'"

	Set objRecordSet = objCommand.Execute

	

	objRecordSet.MoveFirst

	Do Until objRecordSet.EOF

		strADsPath = objRecordSet.Fields("ADsPath").Value

		

		Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)

		

		msgbox(strADsPath)

		msgbox("delete")

		strADsPath.DeleteObject (0)

		Wscript.Echo "The Computer Account has been deleted."

		

		objRecordSet.MoveNext

			

	Loop

	End Function 
 
 
 

Function isComputerAccountExists(host)

	Dim conn, cmd , rs

	Set conn = CreateObject("ADODB.Connection")

	Set cmd = CreateObject("ADODB.Command")
 

	conn.provider = "adsdsoobject"

	conn.open "active directory provider", "DallasMLP\username", "password"

	cmd.activeconnection = conn

	cmd.commandtext = "<LDAP://192.168.5.221/dc=DallasMLP,dc=com>;" & "(&(objectcategory=computer)(objectclass=computer)(cn=" & host & "));cn;subtree"
 

	Set rs = cmd.Execute
 

	If rs.recordcount = 0 Then

	isComputerAccountExists = False

	Else

	isComputerAccountExists = True

	End If
 

	Set rs = Nothing

	Set cmd = Nothing

	Set conn = Nothing

		End Function 

Open in new window

0
 

Author Comment

by:mlptechnical
Comment Utility
Any updates? The problem still boils down to the fact that for whatever reason, objComputer can't get the value assigned to it.

Please Help!
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
Comment Utility
Ran with line below and it worked fine...Are u runnning the first script u posted on a DC or from a client PC
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=computers,DC=mydomain,DC=us,DC=com")
0
 

Author Comment

by:mlptechnical
Comment Utility
From a client computer that isn't joined to the domain. But it does connect and pass admin credintials.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
Comment Utility
FYI....i ran the first script on a DC.
Have you tried running it on a PC on the domain? just to eliminate syntax vs accesscontrol issues
0
 

Author Comment

by:mlptechnical
Comment Utility
Yup, i even tried that simple three line one on the domain and that still didn't work.
0
 

Author Comment

by:mlptechnical
Comment Utility
does it make a difference if the OS is running server 2008 or not?
0
 
LVL 14

Accepted Solution

by:
BigBadWolf_000 earned 500 total points
Comment Utility
Hmmmm it may. I tested on 2003 domain...don't have 2008 domain to test on..
Try this script...

http://groups.google.com/group/microsoft.public.adsi.general/browse_thread/thread/419098cbfb3b7f55/cd52d33f0a597f3b
 
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now