Solved

Remove Computer Account from the domain problems

Posted on 2009-04-07
15
838 Views
Last Modified: 2012-08-13
I am trying to remove a computer account from the domain, but for whatever reason when I try to run even a simple 3 line computer removal script I get the attached error.

What can I do to get this to work? Why would I not be able to set the value of objComputer?


strComputer = "EBTESTVM2003"
 
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=Test,CN=Servers,DC=Domain,DC=com")
 
objComputer.DeleteObject (0)

Open in new window

error.bmp
0
Comment
Question by:mlptechnical
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 5

Expert Comment

by:Stappmeyer
ID: 24092765
Check your LDAP context.  I am guessing you created the OUs "Test" and "Servers".  
The context is likely to be "ou=Test,ou=Servers,DC=Domain,DC=com"

The CN=Users and CN=Computers containers are computer-protected objects. For backward compatibility reasons.  (This is why the have the CN= designation.)

Steve
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24092831
You are missing the underscore after &
see bekow
set objComputer = GetObject("LDAP://CN=" & strComputer & _
    ",CN=Test,CN=Servers,DC=Domain,DC=com")

Open in new window

0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24092835
Ooops ignore above entry
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 18

Expert Comment

by:Americom
ID: 24094142
There's nothing wrong on your script. Double check on your your OU path and make sure there is a computer account object in the "Test" OU and this OU is under the "Servers" OU and so on.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24096885
Use this script to get/verify you are using correct LDAP path for the computer object in your original script.

'replace with the computer account with $ on the end
Public Const ADS_NAME_INITTYPE_GC = 3
Public Const ADS_NAME_TYPE_1779 = 1
Public const ADS_NAME_TYPE_NT4 = 3
 
sSAMAccountName = "domain\computername$"
 
Set oNTr = WScript.CreateObject("NameTranslate")
oNTr.Init ADS_NAME_INITTYPE_GC, ""
oNTr.Set ADS_NAME_TYPE_NT4, sSAMAccountName
GetDNFromSAM = oNTr.Get(ADS_NAME_TYPE_1779)
 
Set oUser = GetObject("GC://" & GetDNFromSAM)
sUserContainerDN = Replace(lcase(oUser.distinguishedName), lcase("cn=" & oUser.cn) & ",", "")
WScript.Echo sUserContainerDN 

Open in new window

0
 

Author Comment

by:mlptechnical
ID: 24097653
All,

That path I gave is just a test path. I have a real script that runs that looks up the computer name and returns the full path. The path that it is currently trying to use is:

LDAP://10.6.24.221/CN=TESTEB04,OU=Production,OU=Desktops,OU=MLPComputers,DC=DallasMlp,DC=COM

i am not manually entering this into the script, but i am using this command to set the object:

Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)

It fails no matter which computer I use, it fails if i try and set it manually or automatically, and I am having lots of issues with it


0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24099643
Can u post your script...it will be easier to troublshoot
0
 

Author Comment

by:mlptechnical
ID: 24099672

Set objNetwork = CreateObject("WScript.Network") 
strComputer = objNetwork.ComputerName 
 
if isComputerAccountExists(strComputer) = true then
	msgbox(strComputer & " Is on the Domain")
	DeleteComputer(strComputer)
else
	msgbox(strComputer & " Is not on the Domain")
end if
 
 
Function DeleteComputer(ComputerName)
	Const ADS_SCOPE_SUBTREE = 2
	
	Set objConnection = CreateObject("ADODB.Connection")
	Set objCommand =   CreateObject("ADODB.Command")
	objConnection.Provider = "ADsDSOObject"
	objConnection.open "active directory provider", "DallasMLP\username", "password"
	
	Set objCommand.ActiveConnection = objConnection
	objCommand.Properties("Page Size") = 1000
	objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
	
	objCommand.CommandText = "SELECT ADsPath FROM 'LDAP://192.168.5.221/dc=DallasMLP,dc=com' WHERE objectCategory='computer' " & "AND name='" & ComputerName & "'"
	Set objRecordSet = objCommand.Execute
	
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strADsPath = objRecordSet.Fields("ADsPath").Value
		
		Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)
		
		msgbox(strADsPath)
		msgbox("delete")
		strADsPath.DeleteObject (0)
		Wscript.Echo "The Computer Account has been deleted."
		
		objRecordSet.MoveNext
			
	Loop
	End Function 
 
 
 
Function isComputerAccountExists(host)
	Dim conn, cmd , rs
	Set conn = CreateObject("ADODB.Connection")
	Set cmd = CreateObject("ADODB.Command")
 
	conn.provider = "adsdsoobject"
	conn.open "active directory provider", "DallasMLP\username", "password"
	cmd.activeconnection = conn
	cmd.commandtext = "<LDAP://192.168.5.221/dc=DallasMLP,dc=com>;" & "(&(objectcategory=computer)(objectclass=computer)(cn=" & host & "));cn;subtree"
 
	Set rs = cmd.Execute
 
	If rs.recordcount = 0 Then
	isComputerAccountExists = False
	Else
	isComputerAccountExists = True
	End If
 
	Set rs = Nothing
	Set cmd = Nothing
	Set conn = Nothing
		End Function 

Open in new window

0
 

Author Comment

by:mlptechnical
ID: 24108739
Any updates? The problem still boils down to the fact that for whatever reason, objComputer can't get the value assigned to it.

Please Help!
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24109391
Ran with line below and it worked fine...Are u runnning the first script u posted on a DC or from a client PC
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=computers,DC=mydomain,DC=us,DC=com")
0
 

Author Comment

by:mlptechnical
ID: 24109668
From a client computer that isn't joined to the domain. But it does connect and pass admin credintials.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24109787
FYI....i ran the first script on a DC.
Have you tried running it on a PC on the domain? just to eliminate syntax vs accesscontrol issues
0
 

Author Comment

by:mlptechnical
ID: 24110109
Yup, i even tried that simple three line one on the domain and that still didn't work.
0
 

Author Comment

by:mlptechnical
ID: 24110168
does it make a difference if the OS is running server 2008 or not?
0
 
LVL 14

Accepted Solution

by:
BigBadWolf_000 earned 500 total points
ID: 24110538
Hmmmm it may. I tested on 2003 domain...don't have 2008 domain to test on..
Try this script...

http://groups.google.com/group/microsoft.public.adsi.general/browse_thread/thread/419098cbfb3b7f55/cd52d33f0a597f3b
 
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question