Solved

Delete computer account from AD from a workstation not on domain

Posted on 2009-05-06
Last Modified: 2012-05-06
Hello,

I'm looking for a script that will prompt a user for a computername, then search AD for that computername, and delete it.  The script needs to be able to run from an XP machine that is not a member of the domain (yet).  

I've found several vbscripts on EE's website that query AD and delete computer accounts, and they work great as long as you run them from a machine that is on the domain.  

Basically, I'd like a script that prompts the user for not only the machine name they'd like to delete, but also for their admin username and password.  I've found one vbscript on another post courtesy of kelvinight, but it needs to be able to prompt the user for network credentials as well as the computer name...  

Any help would be appreciated.  I'm including the vbscript from kelvinight below.  Here's the question that came from:
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_24062723.html
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1

' Connect to AD through the ADSI OLE DB provider with explicit credentials
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = "test\admin"
objConnection.Properties("Password") = "home"
objConnection.Properties("Encrypt Password") = True
objConnection.Properties("ADSI Flag") = 1   ' 1 = ADS_SECURE_AUTHENTICATION

strComputer = "test"
strDomain = "srv.test.com"

objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 100
objCommand.Properties("Cache Results") = False
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Search the whole domain for the computer object by name
objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='computer' " & _
        "AND Name='" & strComputer & "'"
Set objRecordSet = objCommand.Execute

' MoveFirst raises an error on an empty result set, so only call it when rows exist
If Not objRecordSet.EOF Then objRecordSet.MoveFirst

strADsPath = ""
While Not objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath").Value
    objRecordSet.MoveNext
Wend

If strADsPath = "" Then
    MsgBox "Computer not found."
Else
    MsgBox "Computer path: " & strADsPath
    ' Bind to the object with the same credentials and delete it
    Set objNS = GetObject("LDAP:")
    Set objComputer = objNS.OpenDSObject(strADsPath, "test\admin", "home", ADS_SECURE_AUTHENTICATION)
    objComputer.DeleteObject (0)
End If


0
Question by:damoncf1234
6 Comments
 
LVL 7

Accepted Solution

by:
Hubasan earned 400 total points
ID: 24317375
Hi damoncf1234,
I have included all the things you requested from above. If you have any questions, please let me know.

Here, try this:
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1
Const cTitle = "Delete Computer from Domain"

Set oWS = CreateObject("WScript.Shell")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"

' Prompt for credentials and the computer name (InputBox does not mask input)
sUser = InputBox("Please type your Domain and UserID and click OK",cTitle ,"DOMAIN\UserID")
sPassword = InputBox("Please type in your Network password and click OK",cTitle,"YourPasswordHere")
strComputer = InputBox("Please type in ComputerName of the computer you want to delete",cTitle,"ComputerNameHere")

objConnection.Properties("User ID") = sUser
objConnection.Properties("Password") = sPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Properties("ADSI Flag") = 1   ' 1 = ADS_SECURE_AUTHENTICATION

' The domain to search is taken from the DOMAIN part of DOMAIN\UserID
sUserDom = Split(sUser,"\")
strDomain = sUserDom(0)

objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 100
objCommand.Properties("Cache Results") = False
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='computer' " & _
        "AND Name='" & strComputer & "'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst

strADsPath = ""
While Not objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath").Value
    objRecordSet.MoveNext
Wend

If strADsPath = "" Then
    oWS.Popup "Computer not found in domain: " & strDomain, ,cTitle , vbExclamation
Else
    oWS.Popup "Computer path: " & strADsPath, ,cTitle,vbInformation
    ' Clear any earlier error so the check below reports only the bind/delete result
    Err.Clear
    Set objNS = GetObject("LDAP:")
    Set objComputer = objNS.OpenDSObject(strADsPath, sUser, sPassword, ADS_SECURE_AUTHENTICATION)
    objComputer.DeleteObject (0)
    If Err.Number <> 0 Then
        oWS.Popup "Computer " & strComputer & " NOT deleted from domain: " & strDomain & vbCrLf & _
            "Error Number: " & Err.Number & vbCrLf & _
            "Error Description: " & Err.Description, ,cTitle, vbCritical
    End If
End If


0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 100 total points
ID: 24317439
Have a go with this.

I've tested from an untrusted domain, rather than a workgroup but the principle is the same. The script prompts you for:

The FQDN of the domain controller to connect to
User name (DOMAIN\USER)
Password
Machine account name to delete

I've changed the logic of the code a little and removed some unnecessary lines.

Let me know if this works for you.
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1

' Prompt for the DC, credentials and machine name (InputBox does not mask input)
strLDAPServer = InputBox("Please Enter The DC To Connect To","Enter DC Name")
strUser = InputBox("Please Enter The User Name To Perform Operation - DOMAIN\USER","Enter User Name")
strPass = InputBox("Please Enter The Password To Perform Operation","Enter Password")
strComputer = InputBox("Please Enter The CN Of the machine to delete","Enter Machine")

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPass
objConnection.Properties("Encrypt Password") = True
objConnection.Properties("ADSI Flag") = 1   ' 1 = ADS_SECURE_AUTHENTICATION

objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT ADsPath FROM 'LDAP://" & strLDAPServer & "' WHERE objectCategory='computer' AND Name='" & strComputer & "'"
Set objRecordSet = objCommand.Execute

' Delete only when exactly one object matches; abort on zero or several matches
If objRecordSet.RecordCount = 1 Then
    objRecordSet.MoveFirst
    strADsPath = objRecordSet.Fields("ADsPath").Value
    WScript.Echo "Computer path: " & strADsPath
    Set objNS = GetObject("LDAP:")
    Set objComputer = objNS.OpenDSObject(strADsPath, strUser, strPass, ADS_SECURE_AUTHENTICATION)
    objComputer.DeleteObject (0)
    WScript.Echo "Found and deleted computer account from path: " & strADsPath
Else
    If objRecordSet.RecordCount = 0 Then MsgBox "Computer not found." Else WScript.Echo "Ambiguous search result. Aborting"
End If


0
 

Author Comment

by:damoncf1234
ID: 24329667
Hubasan, thanks.  That script worked great.  

Tony, thanks for the help as well.  One thing with your proposed solution; the user's admin password was not masked, so anyone looking over someone's shoulder would be able to see a password being typed in...
0

Author Closing Comment

by:damoncf1234
ID: 31578509
Thanks for the help.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24333864
Sorry Hubasan - I didn't refresh before posting.

damoncf1234 - I don't think either script masks user input. I'm not sure how you would do this with VBS.

Glad you got it sorted though...
0
 
LVL 7

Expert Comment

by:Hubasan
ID: 24337217
No problem bluntTony,

It happened a lot to me when I first started here, so now I just refresh the thread before posting to make sure users are not getting help from another expert :-)

damoncf1234,

Masking the password is not possible in VBS, while using a default wscript.exe provider as a default. So unless you were to use HTA with embedded VBS which is an unnecessary complication in my opinion, you will not be able to do it.
0
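
The scripts in this thread collect the admin password with InputBox, which shows it on screen as it is typed. On a workstation that has PowerShell, the same search-and-delete against a named DC can use a masked credential prompt; this is an added example, not code from any poster in the thread, and the parameter names, the helper function name and the script file name are assumptions.

```powershell
# Added example (not from the thread). $Server, $ComputerName and
# ConvertTo-LdapFilterValue are hypothetical names chosen for illustration.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory = $true)][string]$Server,        # FQDN of a domain controller
    [Parameter(Mandatory = $true)][string]$ComputerName   # CN of the account to delete
)

Add-Type -AssemblyName System.DirectoryServices

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping: \ * ( ) and NUL become \xx so typed input cannot change the filter.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# Get-Credential shows a masked password prompt. The password is held as a
# SecureString and only converted to plain text when passed to DirectoryEntry.
$cred = Get-Credential
$root = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList @(
    "LDAP://$Server",
    $cred.UserName,
    $cred.GetNetworkCredential().Password,
    [System.DirectoryServices.AuthenticationTypes]::Secure
)

try {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.SearchScope = 'Subtree'
    $searcher.Filter = '(&(objectCategory=computer)(cn={0}))' -f (ConvertTo-LdapFilterValue $ComputerName)
    $found = @($searcher.FindAll())

    # Refuse to act on zero or ambiguous matches, as bluntTony's script does.
    if ($found.Count -ne 1) {
        throw "Expected exactly one computer named '$ComputerName', found $($found.Count)."
    }

    $path = $found[0].Path
    # ShouldProcess asks for confirmation before the destructive step.
    if ($PSCmdlet.ShouldProcess($path, 'Delete computer account')) {
        # GetDirectoryEntry reuses the credentials of the search root.
        $found[0].GetDirectoryEntry().psbase.DeleteTree()
        Write-Output "Deleted $path"
    }
}
finally {
    $root.psbase.Dispose()
}
```

Running the script with -WhatIf shows the matched path without deleting anything.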
