Solved

Delete computer account from AD from a workstation not on domain

Posted on 2009-05-06
6
1,320 Views
Last Modified: 2012-05-06
Hello,

I'm looking for a script that will prompt a user for a computername, then search AD for that computername, and delete it.  The script needs to be able to run from an XP machine that is not a member of the domain (yet).  

I've found several vbscripts on EE's website that query AD and delete computer accounts, and they work great as long as you run them from a machine that is on the domain.  

Basically, I'd like a script that prompts the user for not only the machine name they'd like to delete, but also for their admin username and password.  I've found one vbscript on another post courtesy of kelvinight, but it needs to be able to prompt the user for network credentials as well as the computer name...  

Any help would be appreciated.  I'm including the vbscript from kelvinight below.  Here's the question that came from:
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_24062723.html
Const ADS_SCOPE_SUBTREE = 2

Const ADS_SECURE_AUTHENTICATION = 1

 

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand =   CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Properties("User ID") = "test\admin"

objConnection.Properties("Password") = "home"

objConnection.Properties("Encrypt Password") = True

objConnection.Properties("ADSI Flag") = 1

 

strComputer = "test"

strDomain = "srv.test.com"

 

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection

 

objCommand.Properties("Page Size") = 100

objCommand.Properties("Cache Results") = False

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

 

objCommand.CommandText = _

    "SELECT ADsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='computer' " & _

        "AND Name='" & strComputer & "'"

Set objRecordSet = objCommand.Execute

 

objRecordSet.MoveFirst

 

strADsPath = ""

While Not objRecordSet.EOF

    strADsPath = objRecordSet.Fields("ADsPath").Value

    objRecordSet.MoveNext

Wend

If strADsPath = "" Then

      MsgBox "Computer not found."

Else

      MsgBox "Computer path: " & strADsPath

      Set objNS = GetObject("LDAP:")

      Set objComputer =  objNS.OpenDSObject(strADsPath, "test\admin", "home",ADS_SECURE_AUTHENTICATION)

        objComputer.DeleteObject (0)

End If

Open in new window

0
Comment
Question by:damoncf1234
  • 2
  • 2
  • 2
6 Comments
 
LVL 7

Accepted Solution

by:
Hubasan earned 400 total points
ID: 24317375
Hi damoncf1234,
I have included all the things you requested from above. If you have any questions, please let me know.

Here try this:
On Error Resume Next
 

Const ADS_SCOPE_SUBTREE = 2

Const ADS_SECURE_AUTHENTICATION = 1

Const cTitle = "Delete Computer from Domain"

Set oWS = CreateObject("WScript.Shell")

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand =   CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"
 

sUser = InputBox("Please type your Domain and UserID and click OK",cTitle ,"DOMAIN\UserID")

sPassword = InputBox("Please type in your Network password and click OK",cTitle,"YourPasswordHere")

strComputer = InputBox("Please type in ComputerName of the computer you want to delete",cTitle,"ComputerNameHere")

objConnection.Properties("User ID") = sUser

objConnection.Properties("Password") = sPassword

objConnection.Properties("Encrypt Password") = True

objConnection.Properties("ADSI Flag") = 1
 

sUserDom = Split(sUser,"\")

strDomain = sUserDom(0)

 

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection

 

objCommand.Properties("Page Size") = 100

objCommand.Properties("Cache Results") = False

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

 

objCommand.CommandText = _

    "SELECT ADsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='computer' " & _

        "AND Name='" & strComputer & "'"

Set objRecordSet = objCommand.Execute

 

objRecordSet.MoveFirst

 

strADsPath = ""

While Not objRecordSet.EOF

    strADsPath = objRecordSet.Fields("ADsPath").Value

    objRecordSet.MoveNext

Wend

If strADsPath = "" Then

      oWS.Popup "Computer not found in domain: " & strDomain, ,cTitle , vbExclamation

Else

      oWS.Popup "Computer path: " & strADsPath, ,cTitle,vbInformation

      Set objNS = GetObject("LDAP:")

      Set objComputer =  objNS.OpenDSObject(strADsPath, sUser, sPassword,ADS_SECURE_AUTHENTICATION)

        objComputer.DeleteObject (0)

      If Err.Number <> 0 Then

      	oWS.Popup "Computer " & strComputer & " NOT deleted from domain: " & strDomain & vbcrlf &_

      	"Error Number: " & Err.Number & vbCrLf &_

      	"Error Description: " & Err.Description, ,cTitle, vbCritical

      End If

End If

Open in new window

0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 100 total points
ID: 24317439
Have a go with this.

I've tested from an untrusted domain, rather than a workgroup but the principal is the same. The script prompts you for:

The FQDN of the domain controller to connect to
User name (DOMAIN\USER)
Password
Machine account name to delete

I've changed the logic of the code a little and removed some unnecessary lines.

Let me know if this works for you.
Const ADS_SCOPE_SUBTREE = 2

Const ADS_SECURE_AUTHENTICATION = 1
 

strLDAPServer = InputBox("Please Enter The DC To Connect To","Enter DC Name")

strUser = InputBox("Please Enter The User Name To Perform Operation - DOMAIN\USER","Enter User Name")

strPass = InputBox("Please Enter The Password To Perform Operation","Enter Password")

strComputer = InputBox("Please Enter The CN Of the machine to delete","Enter Machine")
 

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand =   CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Properties("User ID") = strUser

objConnection.Properties("Password") = StrPass

objConnection.Properties("Encrypt Password") = True

objConnection.Properties("ADSI Flag") = 1

 

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection

 

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

 

objCommand.CommandText = "SELECT ADsPath FROM 'LDAP://" & strLDAPServer & "' WHERE objectCategory='computer' AND Name='" & strComputer & "'"

Set objRecordSet = objCommand.Execute

 

If objRecordset.RecordCount = 1 Then

	objRecordSet.MoveFirst

	strADsPath = objRecordSet.Fields("ADsPath").Value

    WScript.Echo "Computer path: " & strADsPath

	Set objNS = GetObject("LDAP:")

	Set objComputer =  objNS.OpenDSObject(strADsPath, strUser, strPass,ADS_SECURE_AUTHENTICATION)

	objComputer.DeleteObject (0)

	WScript.Echo "Found and deleted computer account from path: " & strADsPath

Else

	If objRecordset.RecordCount = 0 Then MsgBox "Computer not found." Else WScript.Echo "Ambiguous search result. Aborting"

End If

Open in new window

0
 

Author Comment

by:damoncf1234
ID: 24329667
Hubasan, thanks.  That script worked great.  

Tony, thanks for the help as well.  One thing with your proposed solution; the user's admin password was not masked, so anyone looking over someone's shoulder would be able to see a password being typed in...
0
 

Author Closing Comment

by:damoncf1234
ID: 31578509
Thanks for the help.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24333864
Sorry Hubasan - I didn''t refresh before posting.

damoncf1234 - I don't think either script masks user input. I'm not sure how you would do this with VBS.

Glad you got it sorted though...
0
 
LVL 7

Expert Comment

by:Hubasan
ID: 24337217
No problem bluntTony,

It happened a lot to me when I first started here, so now I just refresh the thread before posting to make sure users are not getting help from another expert :-)

damoncf1234,

Masking the password is not possible in VBS, while using a default wscript.exe provider as a default. So unless you were to use HTA with embedded VBS which is an unnecessary complication in my opinion, you will not be able to do it.
0

Join & Write a Comment

Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_28455246.html)28455246) Here (http…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now