Solved

Disjoin a computer from the domain

Posted on 2009-07-09
23
693 Views
Last Modified: 2012-06-21
The script belowe joins a computer to the domain if a computer is in a workgroup.
how for instance, If a computer  is in DOMAIN1 and I want to disjoin it and rejoin it to DOMAIN2, the script below doesn't do it.
I would like to have a script that disjoins the computer from the Domain1.

Thanks



=======================
script.sleep 60
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "mydomain.com"
strPassword = "domainpassword"
strUser = "Administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
wscript.echo strcomputer
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)
Dim oShell
 
Set oShell = CreateObject("Wscript.Shell")
sReturn = oShell.Run("%comspec% /c shutdown -r -t 0 -f")
===============
0
Comment
Question by:jskfan
  • 12
  • 11
23 Comments
 
LVL 26

Expert Comment

by:Pber
Comment Utility
This will unjoin the computer from the domain.  See this link:
http://www.vbsedit.com/scripts/ad/computer/scr_18.asp
 
0
 

Author Comment

by:jskfan
Comment Utility
I have the same script that I ran and didn't do anything.
0
 
LVL 26

Expert Comment

by:Pber
Comment Utility
Have you played with the DOMAIN_JOIN_IF_JOINED option during the join?
e.g.
 

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _

    strPassword, strDomain & "\" & strUser, NULL, _

        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

Open in new window

0
 

Author Comment

by:jskfan
Comment Utility
NO....
is this the whole script? if not can you paste the whole script?
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

0
 
LVL 26

Expert Comment

by:Pber
Comment Utility
Sorry that was a chunk of your original code, I just added the DOMAIN_JOIN_IF_JOINED.
Here's the complete script modified

=======================

script.sleep 60

Const JOIN_DOMAIN = 1

Const ACCT_CREATE = 2

Const ACCT_DELETE = 4

Const WIN9X_UPGRADE = 16

Const DOMAIN_JOIN_IF_JOINED = 32

Const JOIN_UNSECURE = 64

Const MACHINE_PASSWORD_PASSED = 128

Const DEFERRED_SPN_SET = 256

Const INSTALL_INVOCATION = 262144

 

strDomain = "mydomain.com"

strPassword = "domainpassword"

strUser = "Administrator"

 

Set objNetwork = CreateObject("WScript.Network")

strComputer = objNetwork.ComputerName

wscript.echo strcomputer 

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _

    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _

        strComputer & "'")

 

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _

    strPassword, strDomain & "\" & strUser, NULL, _

        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

Dim oShell

 

Set oShell = CreateObject("Wscript.Shell")

sReturn = oShell.Run("%comspec% /c shutdown -r -t 0 -f")

===============

Open in new window

0
 

Author Comment

by:jskfan
Comment Utility
i tried it and it doesn't disjoin it.
0
 
LVL 26

Expert Comment

by:Pber
Comment Utility
See this article: http://www.experts-exchange.com/Programming/Languages/Scripting/Q_22940881.html
You may need to disjoin in a separate step.
You could also try netdom.  That usually works the best:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_22566073.html
0
 
LVL 26

Expert Comment

by:Pber
Comment Utility

I must apologize.
Normally I would test some of these scripts myself before posting to work bugs out if needed, but my lab is down and can't do much testing at the moment.
Sorry
0
 

Author Comment

by:jskfan
Comment Utility
with Netdom, I will have to install it in every computer.
0
 
LVL 26

Expert Comment

by:Pber
Comment Utility
You could place it on a file share and just grant the required rights to access it.
0
 

Author Comment

by:jskfan
Comment Utility
Just for test purposes I installed MS Support tools on a computer and ran the following command and it disjoined the computer from the domain to workgroup.
netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

Instead of installing MS Support tools in every computer I ran the Netdom command from a computer that has MS support tools and pstools, I used psexec, but I noticed that in the target computer the command shows runnning in the task manager/processes but it stays there running without doing anything else until I kill the process.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 26

Expert Comment

by:Pber
Comment Utility
you don't need to install the support tools.   Netdom can be run from a share.  PSEXEC rocks.
Try running a command window from PSEXEC then running the netdom command from the remote command prompt.
 
0
 

Author Comment

by:jskfan
Comment Utility
here is the command:
netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

can you write down here, the whole command  to be used with PSEXEC?

0
 
LVL 26

Expert Comment

by:Pber
Comment Utility
Remote Command window:
psexec \\remotemachinename cmd
 
or probably what you did:
psexec \\remotemachinename netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password
The remote command window option is good because you can see the outcome of the scripts much better than just an exit code.
0
 

Author Comment

by:jskfan
Comment Utility
I have even put the whole Netdom command in a file.cmd then copied the file to the target computer c:\drive.
Then I ran psexec \\remotecomputer file.cmd, but did not work.

I also run psexec \\remotecomputer  the whole netdom comand and didn't work.

can you just write the psexec command here then I will try it???
0
 

Author Comment

by:jskfan
Comment Utility
if I am not wrong, the psexec can just run what's one the target computer.
in my case if the support tools(Netdom) is not located in the target computer, I don't think it will work.
This is why I am looking for a VBscript or batch file that doesn't rely on the tools to be installed in the remote computer.
0
 

Author Comment

by:jskfan
Comment Utility
it looks like I found half of the solution.

I shared the MS-Support tools folder on the network.
I copied  a .cmd file to the target computer and the content of .cmd file is:

\\computerwithSupporttools netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

If I run this command from the target computer when logged in to the console, it works fine and disjoins the computer from the domain, but if I use PSEXEC it doesn't work.

0
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
Comment Utility

psexec \\remotemachinename -c netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password
0
 
LVL 26

Expert Comment

by:Pber
Comment Utility
0
 

Author Comment

by:jskfan
Comment Utility
WOW this work just fine...
psexec \\remotemachinename -c netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

can you add a command to it to reboot the computer.
I am afraid I add another line like the ine below and what if it reboots the computer I am running the script from instead of the target computer.
Shutdown -r

0
 

Author Comment

by:jskfan
Comment Utility
OK I just added the following line and it worked
psexec \\remotecomputer shutdown -r
0
 

Author Closing Comment

by:jskfan
Comment Utility
Thanks for your help and perseverance!!!!!!!!!!!!!
0
 
LVL 26

Expert Comment

by:Pber
Comment Utility
You could also use shutdown to reboot the remote machine without using psexec:
 shutdown -m \\remotecomputer -r -f
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now