Solved

Remove computer from domain and add to workgroup

Posted on 2010-09-04
Last Modified: 2013-12-23
I have found the following code to remove a computer from a domain and add to a workgroup.  First, will this code work?  Second, can I change the value of NETSETUP_ACCT_DELETE so that it deletes the computer account rather than disabling it?

Const NETSETUP_ACCT_DELETE = 2 'Disables computer account in domain
strPassword = "password"
strUser = "DomainMgr"

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
 strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = objComputer.Domain
intReturn = objComputer.UnjoinDomainOrWorkgroup _
 (strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)


'Then join to a workgroup
objComputer.JoinDomainOrWorkgroup("workgroup")


0
Comment
Question by:bpl5000
18 Comments
 
LVL 8

Expert Comment

by:spinzr0
ID: 33604439
This method will work to leave the domain.  It will not delete the computer account from AD.  To do that, use this code.
Sub DeleteComputer(sDomain, sComputerName)
    On Error Resume Next

    If Not Right(sComputerName, 1) = "$" Then sComputerName = sComputerName & "$"
    
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1
    
    Set oTrasnlate = CreateObject("NameTranslate")
    oTrasnlate.Init ADS_NAME_INITTYPE_GC, ""
    oTrasnlate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName
    
    If Err.Number <> 0 Then
        Msgbox "Computer not found"
    Else
        Set oComputer = GetObject("LDAP://" & oTrasnlate.Get(ADS_NAME_TYPE_1779))
        If Err.Number <> 0 Then
            Msgbox "Computer not found"
        Else
            oComputer.DeleteObject(0)
            Msgbox "Deleted computer."
        End If
    End If
End Sub


0
 
LVL 5

Author Comment

by:bpl5000
ID: 33604659
Ok, but the user who is logged in will not have the rights to remove the object from the domain so I need a script that will specify a username/password that has rights.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33604666
No problem.  Will post shortly.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33604680
Here you go.
Sub DeleteComputer(sDomain, sComputerName, sAdminUser, sAdminPass)
    On Error Resume Next

    If Not Right(sComputerName, 1) = "$" Then sComputerName = sComputerName & "$"

    Const ADS_NAME_INITTYPE_DOMAIN = 1
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1
    
    Set oTrasnlate = CreateObject("NameTranslate")
    oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sDomain, sAdminUser, sDomain, sAdminPass
    oTrasnlate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName
    
    If Err.Number <> 0 Then
        Msgbox = "Computer not found"
    Else
        Set oComputer = GetObject("LDAP://" & oTrasnlate.Get(ADS_NAME_TYPE_1779))
        If Err.Number <> 0 Then
            Msgbox "Computer not found"
        Else
            oComputer.DeleteObject(0)
            Msgbox "Deleted computer."
        End If
    End If
End Sub


0
 
LVL 5

Author Comment

by:bpl5000
ID: 33605240
Oh okay, I see... you are giving me code that deletes the computer account from the domain.  I do want to accomplish that, but I mainly want to remove the computer from the domain and add it to a workgroup.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33605276
The code you have will remove it from the domain and join the workgroup.  I was just adding how to remove it from AD.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33605569
I have tried the code I posted on a Windows 7 workstation and it doesn't seem to work.  Finally I tried setting Const NETSETUP_ACCT_DELETE equal to 0 and that worked.  Using 2 is supposed to disable the computer account, but I guess that's not important since I am going to delete the account.  Now that I have my code working, I'll add your code and test it.  Thanks for the help!
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33606656
The code ran without errors, but the computer account still remained in AD.  I'll remove the "on error resume next" and see if I get an error message.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33606774
How'd it go?
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33607100
I get the following error...

Object required: 'oTranslate'
Code: 800A01A8

The error happens on this line...

oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sDomain, sAdminUser, sDomain, sAdminPass

Any ideas why?
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33607280
I have a typo in my code, sorry.

the line: Set oTrasnlate = CreateObject("NameTranslate")
should be: Set oTranslate = CreateObject("NameTranslate")
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33608353
Can't believe I didn't notice that when I copied and pasted it!  Now I'm getting another error...

"Name translation: Could not find the name or insufficient right to see name."

It happens on this line...

    oTranslate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName

Could this be because the computer has been removed from the domain?  I'm thinking it should still work because we are authenticating to the domain.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33608376
It should still work.  You could try deleting it before you remove it from the domain.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33608758
Ok, I found out that when I supply the domain/computername, it needs to be the short domain name (MyOrg instead of MyOrg.local).  When running the oTranslate.InitEx, the full domain name works.

Now I get to "oComputer.DeleteObject(0)" and I get "permission denied."  Is this because I'm not using my credentials on this line?  The logged in user will not have rights to delete objects, but the credentials I supply will have.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33608784
I think when I "Set oComputer", I need to use credentials.  Do you know if that's possible?
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33608831
This should do it.  Please note you also need to supply a domain controller.
Sub DeleteComputer(sDomain, sComputerName, sAdminUser, sAdminPass, sDomainController)
    On Error Resume Next

    If Not Right(sComputerName, 1) = "$" Then sComputerName = sComputerName & "$"

    Const ADS_NAME_INITTYPE_DOMAIN = 1
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1
    Const ADS_SECURE_AUTHENTICATION = &H1
    Const ADS_SERVER_BIND = &H200
    
    Set oTranslate = CreateObject("NameTranslate")
    oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sDomain, sAdminUser, sDomain, sAdminPass
    oTranslate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName
    
    If Err.Number <> 0 Then
        Msgbox = "Computer not found"
    Else
        Set oLDAP = GetObject("LDAP:")
        Set oComputer = oLDAP.OpenDSObject("LDAP://" & sDomainController & "/" & oTrasnlate.Get(ADS_NAME_TYPE_1779), sDomain & "\" & sAdminUser, sAdminPass, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)

        If Err.Number <> 0 Then
            Msgbox "Computer not found"
        Else
            oComputer.DeleteObject(0)
            Msgbox "Deleted computer."
        End If
    End If
End Sub


0
 
LVL 8

Accepted Solution

by:
spinzr0 earned 500 total points
ID: 33608863
And I typoed oTranslate again.  Corrected.
Sub DeleteComputer(sDomain, sComputerName, sAdminUser, sAdminPass, sDomainController)
    On Error Resume Next

    ' Computer accounts carry a trailing "$" in their NT4 account name
    If Not Right(sComputerName, 1) = "$" Then sComputerName = sComputerName & "$"

    Const ADS_NAME_INITTYPE_DOMAIN = 1
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1
    Const ADS_SECURE_AUTHENTICATION = &H1
    Const ADS_SERVER_BIND = &H200
    
    ' Translate DOMAIN\COMPUTER$ into a distinguished name, using the supplied credentials
    Set oTranslate = CreateObject("NameTranslate")
    oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sDomain, sAdminUser, sDomain, sAdminPass
    oTranslate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName
    
    If Err.Number <> 0 Then
        Msgbox "Computer not found"
    Else
        ' Bind to the object on the named domain controller with the supplied credentials
        Set oLDAP = GetObject("LDAP:")
        Set oComputer = oLDAP.OpenDSObject("LDAP://" & sDomainController & "/" & oTranslate.Get(ADS_NAME_TYPE_1779), sDomain & "\" & sAdminUser, sAdminPass, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)

        If Err.Number <> 0 Then
            Msgbox "Computer not found"
        Else
            ' Delete the computer account from the directory
            oComputer.DeleteObject(0)
            Msgbox "Deleted computer."
        End If
    End If
End Sub


0
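A PowerShell version of the same two steps, as an added example that is not part of the thread: it binds to a named domain controller with explicit credentials (the same Secure and ServerBind flags as the VBScript), deletes the computer account, then unjoins to a workgroup, and it prompts for the credential instead of keeping a password in the script. It assumes Windows PowerShell 5.1 run elevated on the machine being removed; the function name `Remove-FromDomain`, its parameters and the host name in the usage comment are hypothetical.

```powershell
# Added example (not from the thread). Names below are illustrative assumptions.
function Remove-FromDomain {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DomainController,
        [Parameter(Mandatory)][pscredential]$Credential,   # e.g. from Get-Credential
        [string]$ComputerName  = $env:COMPUTERNAME,
        [string]$WorkgroupName = 'WORKGROUP'
    )

    # Accept only a plain NetBIOS name before it is placed in the LDAP filter.
    if ($ComputerName -notmatch '^[A-Za-z0-9-]{1,15}$') {
        throw "Unexpected computer name: $ComputerName"
    }

    # Same flags as ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND in the VBScript.
    $auth = [System.DirectoryServices.AuthenticationTypes]::Secure -bor
            [System.DirectoryServices.AuthenticationTypes]::ServerBind
    $net  = $Credential.GetNetworkCredential()
    $root = [System.DirectoryServices.DirectoryEntry]::new(
                "LDAP://$DomainController", $Credential.UserName, $net.Password, $auth)
    try {
        $searcher = [System.DirectoryServices.DirectorySearcher]::new($root)
        $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
        $hit = $searcher.FindOne()          # throws on bad credentials or unreachable DC
        if ($null -eq $hit) { throw "No computer account found for $ComputerName" }

        # Delete the account before unjoining, the order suggested in the thread.
        $entry = $hit.GetDirectoryEntry()   # reuses the credentials of $root
        if ($PSCmdlet.ShouldProcess($entry.Path, 'Delete computer account')) {
            $entry.DeleteTree()
        }
    }
    finally { $root.Dispose() }

    # Then leave the domain and join the workgroup; a restart is still required.
    if ($PSCmdlet.ShouldProcess($ComputerName, "Unjoin and join $WorkgroupName")) {
        Remove-Computer -UnjoinDomainCredential $Credential -WorkgroupName $WorkgroupName -Force -PassThru
    }
}

# Usage (constructed host name); the password is prompted for, not stored:
# Remove-FromDomain -DomainController 'dc01.example.local' -Credential (Get-Credential)
```

Running it with `-WhatIf` lists the account that would be deleted and the unjoin that would follow without changing anything.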
 
LVL 5

Author Comment

by:bpl5000
ID: 33613398
Works awesome!  I greatly appreciate all the help!
0
