Improve company productivity with a Business Account.Sign Up

x
?
Solved

Remove Computer Account from the domain problems

Posted on 2009-04-07
15
Medium Priority
?
847 Views
Last Modified: 2012-08-13
I am trying to remove a computer account from the domain, but for whatever reason when I try to run even a simple 3 line computer removal script I get the attached error.

What can I do to get this to work? Why would I not be able to set the value of objComputer?


strComputer = "EBTESTVM2003"
 
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=Test,CN=Servers,DC=Domain,DC=com")
 
objComputer.DeleteObject (0)

Open in new window

error.bmp
0
Comment
Question by:mlptechnical
15 Comments
 
LVL 5

Expert Comment

by:Stappmeyer
ID: 24092765
Check your LDAP context.  I am guessing you created the OUs "Test" and "Servers".  
The context is likely to be "ou=Test,ou=Servers,DC=Domain,DC=com"

The CN=Users and CN=Computers containers are computer-protected objects. For backward compatibility reasons.  (This is why the have the CN= designation.)

Steve
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24092831
You are missing the underscore after &
see bekow
set objComputer = GetObject("LDAP://CN=" & strComputer & _
    ",CN=Test,CN=Servers,DC=Domain,DC=com")

Open in new window

0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24092835
Ooops ignore above entry
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
LVL 18

Expert Comment

by:Americom
ID: 24094142
There's nothing wrong on your script. Double check on your your OU path and make sure there is a computer account object in the "Test" OU and this OU is under the "Servers" OU and so on.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24096885
Use this script to get/verify you are using correct LDAP path for the computer object in your original script.

'replace with the computer account with $ on the end
Public Const ADS_NAME_INITTYPE_GC = 3
Public Const ADS_NAME_TYPE_1779 = 1
Public const ADS_NAME_TYPE_NT4 = 3
 
sSAMAccountName = "domain\computername$"
 
Set oNTr = WScript.CreateObject("NameTranslate")
oNTr.Init ADS_NAME_INITTYPE_GC, ""
oNTr.Set ADS_NAME_TYPE_NT4, sSAMAccountName
GetDNFromSAM = oNTr.Get(ADS_NAME_TYPE_1779)
 
Set oUser = GetObject("GC://" & GetDNFromSAM)
sUserContainerDN = Replace(lcase(oUser.distinguishedName), lcase("cn=" & oUser.cn) & ",", "")
WScript.Echo sUserContainerDN 

Open in new window

0
 

Author Comment

by:mlptechnical
ID: 24097653
All,

That path I gave is just a test path. I have a real script that runs that looks up the computer name and returns the full path. The path that it is currently trying to use is:

LDAP://10.6.24.221/CN=TESTEB04,OU=Production,OU=Desktops,OU=MLPComputers,DC=DallasMlp,DC=COM

i am not manually entering this into the script, but i am using this command to set the object:

Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)

It fails no matter which computer I use, it fails if i try and set it manually or automatically, and I am having lots of issues with it


0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24099643
Can u post your script...it will be easier to troublshoot
0
 

Author Comment

by:mlptechnical
ID: 24099672

Set objNetwork = CreateObject("WScript.Network") 
strComputer = objNetwork.ComputerName 
 
if isComputerAccountExists(strComputer) = true then
	msgbox(strComputer & " Is on the Domain")
	DeleteComputer(strComputer)
else
	msgbox(strComputer & " Is not on the Domain")
end if
 
 
Function DeleteComputer(ComputerName)
	Const ADS_SCOPE_SUBTREE = 2
	
	Set objConnection = CreateObject("ADODB.Connection")
	Set objCommand =   CreateObject("ADODB.Command")
	objConnection.Provider = "ADsDSOObject"
	objConnection.open "active directory provider", "DallasMLP\username", "password"
	
	Set objCommand.ActiveConnection = objConnection
	objCommand.Properties("Page Size") = 1000
	objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
	
	objCommand.CommandText = "SELECT ADsPath FROM 'LDAP://192.168.5.221/dc=DallasMLP,dc=com' WHERE objectCategory='computer' " & "AND name='" & ComputerName & "'"
	Set objRecordSet = objCommand.Execute
	
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strADsPath = objRecordSet.Fields("ADsPath").Value
		
		Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)
		
		msgbox(strADsPath)
		msgbox("delete")
		strADsPath.DeleteObject (0)
		Wscript.Echo "The Computer Account has been deleted."
		
		objRecordSet.MoveNext
			
	Loop
	End Function 
 
 
 
Function isComputerAccountExists(host)
	Dim conn, cmd , rs
	Set conn = CreateObject("ADODB.Connection")
	Set cmd = CreateObject("ADODB.Command")
 
	conn.provider = "adsdsoobject"
	conn.open "active directory provider", "DallasMLP\username", "password"
	cmd.activeconnection = conn
	cmd.commandtext = "<LDAP://192.168.5.221/dc=DallasMLP,dc=com>;" & "(&(objectcategory=computer)(objectclass=computer)(cn=" & host & "));cn;subtree"
 
	Set rs = cmd.Execute
 
	If rs.recordcount = 0 Then
	isComputerAccountExists = False
	Else
	isComputerAccountExists = True
	End If
 
	Set rs = Nothing
	Set cmd = Nothing
	Set conn = Nothing
		End Function 

Open in new window

0
 

Author Comment

by:mlptechnical
ID: 24108739
Any updates? The problem still boils down to the fact that for whatever reason, objComputer can't get the value assigned to it.

Please Help!
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24109391
Ran with line below and it worked fine...Are u runnning the first script u posted on a DC or from a client PC
set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=computers,DC=mydomain,DC=us,DC=com")
0
 

Author Comment

by:mlptechnical
ID: 24109668
From a client computer that isn't joined to the domain. But it does connect and pass admin credintials.
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 24109787
FYI....i ran the first script on a DC.
Have you tried running it on a PC on the domain? just to eliminate syntax vs accesscontrol issues
0
 

Author Comment

by:mlptechnical
ID: 24110109
Yup, i even tried that simple three line one on the domain and that still didn't work.
0
 

Author Comment

by:mlptechnical
ID: 24110168
does it make a difference if the OS is running server 2008 or not?
0
 
LVL 14

Accepted Solution

by:
BigBadWolf_000 earned 2000 total points
ID: 24110538
Hmmmm it may. I tested on 2003 domain...don't have 2008 domain to test on..
Try this script...

http://groups.google.com/group/microsoft.public.adsi.general/browse_thread/thread/419098cbfb3b7f55/cd52d33f0a597f3b
 
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway.  Forget that we don't back up the desktops - only the servers.  Well, let's sneak their data on…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question