We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Disjoin a computer from the domain

Medium Priority
781 Views
Last Modified: 2012-06-21
The script belowe joins a computer to the domain if a computer is in a workgroup.
how for instance, If a computer  is in DOMAIN1 and I want to disjoin it and rejoin it to DOMAIN2, the script below doesn't do it.
I would like to have a script that disjoins the computer from the Domain1.

Thanks



=======================
script.sleep 60
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "mydomain.com"
strPassword = "domainpassword"
strUser = "Administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
wscript.echo strcomputer
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)
Dim oShell
 
Set oShell = CreateObject("Wscript.Shell")
sReturn = oShell.Run("%comspec% /c shutdown -r -t 0 -f")
===============
Comment
Watch Question

PberSolutions Architect
CERTIFIED EXPERT

Commented:
This will unjoin the computer from the domain.  See this link:
http://www.vbsedit.com/scripts/ad/computer/scr_18.asp 
 

Author

Commented:
I have the same script that I ran and didn't do anything.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Have you played with the DOMAIN_JOIN_IF_JOINED option during the join?
e.g.
 

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

Open in new window

Author

Commented:
NO....
is this the whole script? if not can you paste the whole script?
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

PberSolutions Architect
CERTIFIED EXPERT

Commented:
Sorry that was a chunk of your original code, I just added the DOMAIN_JOIN_IF_JOINED.
Here's the complete script modified

=======================
script.sleep 60
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "mydomain.com"
strPassword = "domainpassword"
strUser = "Administrator"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
wscript.echo strcomputer 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)
Dim oShell
 
Set oShell = CreateObject("Wscript.Shell")
sReturn = oShell.Run("%comspec% /c shutdown -r -t 0 -f")
===============

Open in new window

Author

Commented:
i tried it and it doesn't disjoin it.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
See this article: http://www.experts-exchange.com/Programming/Languages/Scripting/Q_22940881.html
You may need to disjoin in a separate step.
You could also try netdom.  That usually works the best:
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_22566073.html 
PberSolutions Architect
CERTIFIED EXPERT

Commented:

I must apologize.
Normally I would test some of these scripts myself before posting to work bugs out if needed, but my lab is down and can't do much testing at the moment.
Sorry

Author

Commented:
with Netdom, I will have to install it in every computer.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
You could place it on a file share and just grant the required rights to access it.

Author

Commented:
Just for test purposes I installed MS Support tools on a computer and ran the following command and it disjoined the computer from the domain to workgroup.
netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

Instead of installing MS Support tools in every computer I ran the Netdom command from a computer that has MS support tools and pstools, I used psexec, but I noticed that in the target computer the command shows runnning in the task manager/processes but it stays there running without doing anything else until I kill the process.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
you don't need to install the support tools.   Netdom can be run from a share.  PSEXEC rocks.
Try running a command window from PSEXEC then running the netdom command from the remote command prompt.
 

Author

Commented:
here is the command:
netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

can you write down here, the whole command  to be used with PSEXEC?

PberSolutions Architect
CERTIFIED EXPERT

Commented:
Remote Command window:
psexec \\remotemachinename cmd
 
or probably what you did:
psexec \\remotemachinename netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password
The remote command window option is good because you can see the outcome of the scripts much better than just an exit code.

Author

Commented:
I have even put the whole Netdom command in a file.cmd then copied the file to the target computer c:\drive.
Then I ran psexec \\remotecomputer file.cmd, but did not work.

I also run psexec \\remotecomputer  the whole netdom comand and didn't work.

can you just write the psexec command here then I will try it???

Author

Commented:
if I am not wrong, the psexec can just run what's one the target computer.
in my case if the support tools(Netdom) is not located in the target computer, I don't think it will work.
This is why I am looking for a VBscript or batch file that doesn't rely on the tools to be installed in the remote computer.

Author

Commented:
it looks like I found half of the solution.

I shared the MS-Support tools folder on the network.
I copied  a .cmd file to the target computer and the content of .cmd file is:

\\computerwithSupporttools netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

If I run this command from the target computer when logged in to the console, it works fine and disjoins the computer from the domain, but if I use PSEXEC it doesn't work.

Solutions Architect
CERTIFIED EXPERT
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
PberSolutions Architect
CERTIFIED EXPERT

Commented:

Author

Commented:
WOW this work just fine...
psexec \\remotemachinename -c netdom remove /d:mydomain mywksta /ud:mydomain\admin /pd:password

can you add a command to it to reboot the computer.
I am afraid I add another line like the ine below and what if it reboots the computer I am running the script from instead of the target computer.
Shutdown -r

Author

Commented:
OK I just added the following line and it worked
psexec \\remotecomputer shutdown -r

Author

Commented:
Thanks for your help and perseverance!!!!!!!!!!!!!
PberSolutions Architect
CERTIFIED EXPERT

Commented:
You could also use shutdown to reboot the remote machine without using psexec:
 shutdown -m \\remotecomputer -r -f
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.