Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Disjoin a computer from the domain

Posted on 2009-07-09
23
Medium Priority
?
709 Views
Last Modified: 2012-06-21
The script belowe joins a computer to the domain if a computer is in a workgroup.
how for instance, If a computer  is in DOMAIN1 and I want to disjoin it and rejoin it to DOMAIN2, the script below doesn't do it.
I would like to have a script that disjoins the computer from the Domain1.

Thanks



=======================
script.sleep 60
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "mydomain.com"
strPassword = "domainpassword"
strUser = "Administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
wscript.echo strcomputer
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)
Dim oShell
 
Set oShell = CreateObject("Wscript.Shell")
sReturn = oShell.Run("%comspec% /c shutdown -r -t 0 -f")
===============
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 11
23 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 24813039
This will unjoin the computer from the domain.  See this link:
http://www.vbsedit.com/scripts/ad/computer/scr_18.asp 
 
0
 

Author Comment

by:jskfan
ID: 24813105
I have the same script that I ran and didn't do anything.
0
 
LVL 26

Expert Comment

by:Pber
ID: 24813191
Have you played with the DOMAIN_JOIN_IF_JOINED option during the join?
e.g.
 

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

Open in new window

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jskfan
ID: 24813241
NO....
is this the whole script? if not can you paste the whole script?
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

0
 
LVL 26

Expert Comment

by:Pber
ID: 24813285
Sorry that was a chunk of your original code, I just added the DOMAIN_JOIN_IF_JOINED.
Here's the complete script modified

=======================
script.sleep 60
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "mydomain.com"
strPassword = "domainpassword"
strUser = "Administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
wscript.echo strcomputer 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)
Dim oShell
 
Set oShell = CreateObject("Wscript.Shell")
sReturn = oShell.Run("%comspec% /c shutdown -r -t 0 -f")
===============

Open in new window

0
 

Author Comment

by:jskfan
ID: 24813467
i tried it and it doesn't disjoin it.
0
 
LVL 26

Expert Comment

by:Pber
ID: 24813588
See this article: http://www.experts-exchange.com/Programming/Languages/Scripting/Q_22940881.html
You may need to disjoin in a separate step.
You could also try netdom.  That usually works the best:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_22566073.html 
0
 
LVL 26

Expert Comment

by:Pber
ID: 24813615

I must apologize.
Normally I would test some of these scripts myself before posting to work bugs out if needed, but my lab is down and can't do much testing at the moment.
Sorry
0
 

Author Comment

by:jskfan
ID: 24813820
with Netdom, I will have to install it in every computer.
0
 
LVL 26

Expert Comment

by:Pber
ID: 24813865
You could place it on a file share and just grant the required rights to access it.
0
 

Author Comment

by:jskfan
ID: 24814033
Just for test purposes I installed MS Support tools on a computer and ran the following command and it disjoined the computer from the domain to workgroup.
netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

Instead of installing MS Support tools in every computer I ran the Netdom command from a computer that has MS support tools and pstools, I used psexec, but I noticed that in the target computer the command shows runnning in the task manager/processes but it stays there running without doing anything else until I kill the process.
0
 
LVL 26

Expert Comment

by:Pber
ID: 24814098
you don't need to install the support tools.   Netdom can be run from a share.  PSEXEC rocks.
Try running a command window from PSEXEC then running the netdom command from the remote command prompt.
 
0
 

Author Comment

by:jskfan
ID: 24814126
here is the command:
netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

can you write down here, the whole command  to be used with PSEXEC?

0
 
LVL 26

Expert Comment

by:Pber
ID: 24814157
Remote Command window:
psexec \\remotemachinename cmd
 
or probably what you did:
psexec \\remotemachinename netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password
The remote command window option is good because you can see the outcome of the scripts much better than just an exit code.
0
 

Author Comment

by:jskfan
ID: 24814524
I have even put the whole Netdom command in a file.cmd then copied the file to the target computer c:\drive.
Then I ran psexec \\remotecomputer file.cmd, but did not work.

I also run psexec \\remotecomputer  the whole netdom comand and didn't work.

can you just write the psexec command here then I will try it???
0
 

Author Comment

by:jskfan
ID: 24814614
if I am not wrong, the psexec can just run what's one the target computer.
in my case if the support tools(Netdom) is not located in the target computer, I don't think it will work.
This is why I am looking for a VBscript or batch file that doesn't rely on the tools to be installed in the remote computer.
0
 

Author Comment

by:jskfan
ID: 24815461
it looks like I found half of the solution.

I shared the MS-Support tools folder on the network.
I copied  a .cmd file to the target computer and the content of .cmd file is:

\\computerwithSupporttools netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

If I run this command from the target computer when logged in to the console, it works fine and disjoins the computer from the domain, but if I use PSEXEC it doesn't work.

0
 
LVL 26

Accepted Solution

by:
Pber earned 2000 total points
ID: 24815649

psexec \\remotemachinename -c netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password
0
 
LVL 26

Expert Comment

by:Pber
ID: 24815661
0
 

Author Comment

by:jskfan
ID: 24815850
WOW this work just fine...
psexec \\remotemachinename -c netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

can you add a command to it to reboot the computer.
I am afraid I add another line like the ine below and what if it reboots the computer I am running the script from instead of the target computer.
Shutdown -r

0
 

Author Comment

by:jskfan
ID: 24816032
OK I just added the following line and it worked
psexec \\remotecomputer shutdown -r
0
 

Author Closing Comment

by:jskfan
ID: 31601529
Thanks for your help and perseverance!!!!!!!!!!!!!
0
 
LVL 26

Expert Comment

by:Pber
ID: 24816211
You could also use shutdown to reboot the remote machine without using psexec:
 shutdown -m \\remotecomputer -r -f
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question