• Status: Solved

Delete computer account from AD from a workstation not on domain

Hello,

I'm looking for a script that will prompt a user for a computername, then search AD for that computername, and delete it.  The script needs to be able to run from an XP machine that is not a member of the domain (yet).  

I've found several vbscripts on EE's website that query AD and delete computer accounts, and they work great as long as you run them from a machine that is on the domain.  

Basically, I'd like a script that prompts the user for not only the machine name they'd like to delete, but also for their admin username and password.  I've found one vbscript on another post courtesy of kelvinight, but it needs to be able to prompt the user for network credentials as well as the computer name...  

Any help would be appreciated.  I'm including the vbscript from kelvinight below.  Here's the question that came from:
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_24062723.html
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = "test\admin"
objConnection.Properties("Password") = "home"
objConnection.Properties("Encrypt Password") = True
objConnection.Properties("ADSI Flag") = 1
 
strComputer = "test"
strDomain = "srv.test.com"
 
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 100
objCommand.Properties("Cache Results") = False
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
 
objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='computer' " & _
        "AND Name='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
 
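' MoveFirst raises an error on an empty recordset, so only call it when a row exists
If Not objRecordSet.EOF Then objRecordSet.MoveFirst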
 
strADsPath = ""
While Not objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath").Value
    objRecordSet.MoveNext
Wend
If strADsPath = "" Then
      MsgBox "Computer not found."
Else
      MsgBox "Computer path: " & strADsPath
      Set objNS = GetObject("LDAP:")
      Set objComputer =  objNS.OpenDSObject(strADsPath, "test\admin", "home",ADS_SECURE_AUTHENTICATION)
        objComputer.DeleteObject (0)
End If


0
Asked by: damoncf1234

Hubasan Commented:
Hi damoncf1234,
I have included all the things you requested from above. If you have any questions, please let me know.

Here try this:
On Error Resume Next
 
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1
Const cTitle = "Delete Computer from Domain"
Set oWS = CreateObject("WScript.Shell")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
 
sUser = InputBox("Please type your Domain and UserID and click OK",cTitle ,"DOMAIN\UserID")
sPassword = InputBox("Please type in your Network password and click OK",cTitle,"YourPasswordHere")
strComputer = InputBox("Please type in ComputerName of the computer you want to delete",cTitle,"ComputerNameHere")
objConnection.Properties("User ID") = sUser
objConnection.Properties("Password") = sPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Properties("ADSI Flag") = 1
 
sUserDom = Split(sUser,"\")
strDomain = sUserDom(0)
 
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 100
objCommand.Properties("Cache Results") = False
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
 
objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='computer' " & _
        "AND Name='" & strComputer & "'"
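Set objRecordSet = objCommand.Execute
' On Error Resume Next hides a failed bind or query, so check before using the recordset
If Err.Number <> 0 Then
      oWS.Popup "Query failed: " & Err.Description, ,cTitle, vbCritical
      WScript.Quit 1
End If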
 
objRecordSet.MoveFirst
 
strADsPath = ""
While Not objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath").Value
    objRecordSet.MoveNext
Wend
If strADsPath = "" Then
      oWS.Popup "Computer not found in domain: " & strDomain, ,cTitle , vbExclamation
Else
      oWS.Popup "Computer path: " & strADsPath, ,cTitle,vbInformation
      Set objNS = GetObject("LDAP:")
      Set objComputer =  objNS.OpenDSObject(strADsPath, sUser, sPassword,ADS_SECURE_AUTHENTICATION)
        objComputer.DeleteObject (0)
      If Err.Number <> 0 Then
      	oWS.Popup "Computer " & strComputer & " NOT deleted from domain: " & strDomain & vbcrlf &_
      	"Error Number: " & Err.Number & vbCrLf &_
      	"Error Description: " & Err.Description, ,cTitle, vbCritical
      End If
End If


0
 
bluntTony Commented:
Have a go with this.

I've tested from an untrusted domain, rather than a workgroup, but the principle is the same. The script prompts you for:

The FQDN of the domain controller to connect to
User name (DOMAIN\USER)
Password
Machine account name to delete

I've changed the logic of the code a little and removed some unnecessary lines.

Let me know if this works for you.
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1
 
strLDAPServer = InputBox("Please Enter The DC To Connect To","Enter DC Name")
strUser = InputBox("Please Enter The User Name To Perform Operation - DOMAIN\USER","Enter User Name")
strPass = InputBox("Please Enter The Password To Perform Operation","Enter Password")
strComputer = InputBox("Please Enter The CN Of the machine to delete","Enter Machine")
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = StrPass
objConnection.Properties("Encrypt Password") = True
objConnection.Properties("ADSI Flag") = 1
 
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
 
objCommand.CommandText = "SELECT ADsPath FROM 'LDAP://" & strLDAPServer & "' WHERE objectCategory='computer' AND Name='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
 
If objRecordset.RecordCount = 1 Then
	objRecordSet.MoveFirst
	strADsPath = objRecordSet.Fields("ADsPath").Value
    WScript.Echo "Computer path: " & strADsPath
	Set objNS = GetObject("LDAP:")
	Set objComputer =  objNS.OpenDSObject(strADsPath, strUser, strPass,ADS_SECURE_AUTHENTICATION)
	objComputer.DeleteObject (0)
	WScript.Echo "Found and deleted computer account from path: " & strADsPath
Else
	If objRecordset.RecordCount = 0 Then MsgBox "Computer not found." Else WScript.Echo "Ambiguous search result. Aborting"
End If


0
 
damoncf1234 (Author) Commented:
Hubasan, thanks.  That script worked great.  

Tony, thanks for the help as well.  One thing with your proposed solution; the user's admin password was not masked, so anyone looking over someone's shoulder would be able to see a password being typed in...
0
 
damoncf1234 (Author) Commented:
Thanks for the help.
0
 
bluntTony Commented:
Sorry Hubasan - I didn't refresh before posting.

damoncf1234 - I don't think either script masks user input. I'm not sure how you would do this with VBS.

Glad you got it sorted though...
0
 
Hubasan Commented:
No problem bluntTony,

It happened a lot to me when I first started here, so now I just refresh the thread before posting to make sure users are not getting help from another expert :-)

damoncf1234,

Masking the password is not possible in VBS, while using a default wscript.exe provider as a default. So unless you were to use HTA with embedded VBS which is an unnecessary complication in my opinion, you will not be able to do it.
0
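
An added example, not part of any post in this thread: the same four prompts run under cscript.exe, where the password can be read without echo through the ScriptPW.Password object that ships with Windows XP and Server 2003, and where the DC and computer names are validated before they are concatenated into the ADSI query. The variable names, the two regex patterns and the exit codes are assumptions of this example; widen the patterns if your naming scheme differs.

```vbscript
' Added example, not from the thread. Run with: cscript //nologo <script>.vbs
' Assumes Windows XP/Server 2003, where the ScriptPW.Password object is installed.
Option Explicit
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1
' True only when sValue fits sPattern, so a quote can never reach the query text.
Function Matches(sValue, sPattern)
    Dim re : Set re = New RegExp
    re.Pattern = sPattern
    Matches = re.Test(sValue)
End Function
Function Ask(sPrompt)
    WScript.StdOut.Write sPrompt
    Ask = Trim(WScript.StdIn.ReadLine)
End Function

Dim sServer, sUser, sPass, sComputer, oConn, oCmd, oRS, sPath, nHits, oComputer
sServer = Ask("DC FQDN: ")
sUser = Ask("User (DOMAIN\User): ")
WScript.StdOut.Write "Password: "
sPass = CreateObject("ScriptPW.Password").GetPassword()  ' typed characters are not echoed
WScript.StdOut.WriteLine
sComputer = Ask("Computer name to delete: ")
If Not Matches(sServer, "^[A-Za-z0-9.-]{1,255}$") Or _
   Not Matches(sComputer, "^[A-Za-z0-9-]{1,15}$") Then
    WScript.Echo "Rejected: unexpected characters in DC or computer name."
    WScript.Quit 1
End If
Set oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOObject"
oConn.Properties("User ID") = sUser
oConn.Properties("Password") = sPass
oConn.Properties("Encrypt Password") = True
oConn.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION
oConn.Open "Active Directory Provider"
Set oCmd = CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE
oCmd.CommandText = "SELECT ADsPath FROM 'LDAP://" & sServer & _
    "' WHERE objectCategory='computer' AND Name='" & sComputer & "'"
Set oRS = oCmd.Execute
nHits = 0
Do Until oRS.EOF   ' count the matches and remember the path
    sPath = oRS.Fields("ADsPath").Value : nHits = nHits + 1 : oRS.MoveNext
Loop
If nHits <> 1 Then WScript.Echo "Expected 1 match, found " & nHits & "; nothing deleted." : WScript.Quit 2
Set oComputer = GetObject("LDAP:").OpenDSObject(sPath, sUser, sPass, ADS_SECURE_AUTHENTICATION)
oComputer.DeleteObject 0
WScript.Echo "Deleted " & sPath
```

Started by double-click (wscript.exe) the script fails at the first prompt, because WScript.StdIn and ScriptPW.Password both need a console.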