Solved

Remove computer from domain and add to workgroup

Posted on 2010-09-04
Last Modified: 2013-12-23
I have found the following code to remove a computer from a domain and add to a workgroup.  First, will this code work?  Second, can I change the value of NETSETUP_ACCT_DELETE so that it deletes the computer account rather than disabling it?

Const NETSETUP_ACCT_DELETE = 2 'Disables computer account in domain
strPassword = "password"
strUser = "DomainMgr"

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
 strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = objComputer.Domain
intReturn = objComputer.UnjoinDomainOrWorkgroup _
 (strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)


'Then join to a workgroup
objComputer.JoinDomainOrWorkgroup("workgroup")

Question by:bpl5000
18 Comments
 
LVL 8

Expert Comment

by:spinzr0
ID: 33604439
This method will work to leave the domain.  It will not delete the computer account from AD.  To do that, use this code.
Sub DeleteComputer(sDomain, sComputerName)
    On Error Resume Next

    ' Computer accounts carry a trailing "$" in their NT4 (SAM) name
    If Not Right(sComputerName, 1) = "$" Then sComputerName = sComputerName & "$"

    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    ' Translate DOMAIN\COMPUTER$ into a distinguished name
    Set oTrasnlate = CreateObject("NameTranslate")
    oTrasnlate.Init ADS_NAME_INITTYPE_GC, ""
    oTrasnlate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName

    If Err.Number <> 0 Then
        Msgbox "Computer not found"
    Else
        Set oComputer = GetObject("LDAP://" & oTrasnlate.Get(ADS_NAME_TYPE_1779))
        If Err.Number <> 0 Then
            Msgbox "Computer not found"
        Else
            oComputer.DeleteObject(0)
            Msgbox "Deleted computer."
        End If
    End If
End Sub

0
 
LVL 5

Author Comment

by:bpl5000
ID: 33604659
Ok, but the user who is logged in will not have the rights to remove the object from the domain so I need a script that will specify a username/password that has rights.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33604666
No problem.  Will post shortly.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33604680
Here you go.
Sub DeleteComputer(sDomain, sComputerName, sAdminUser, sAdminPass)
    On Error Resume Next

    ' Computer accounts carry a trailing "$" in their NT4 (SAM) name
    If Not Right(sComputerName, 1) = "$" Then sComputerName = sComputerName & "$"

    Const ADS_NAME_INITTYPE_DOMAIN = 1
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    Set oTrasnlate = CreateObject("NameTranslate")
    oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sDomain, sAdminUser, sDomain, sAdminPass
    oTrasnlate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName

    If Err.Number <> 0 Then
        Msgbox "Computer not found"
    Else
        Set oComputer = GetObject("LDAP://" & oTrasnlate.Get(ADS_NAME_TYPE_1779))
        If Err.Number <> 0 Then
            Msgbox "Computer not found"
        Else
            oComputer.DeleteObject(0)
            Msgbox "Deleted computer."
        End If
    End If
End Sub

0
 
LVL 5

Author Comment

by:bpl5000
ID: 33605240
Oh okay, I see... you are giving me code that deletes the computer account from the domain.  I do want to accomplish that, but I mainly want to remove the computer from the domain and add it to a workgroup.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33605276
The code you have will remove it from the domain and join the workgroup.  I was just adding how to remove it from AD.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33605569
I have tried the code I posted on a Windows 7 workstation and it doesn't seem to work.  Finally I tried setting Const NETSETUP_ACCT_DELETE equal to 0 and that worked.  Using 2 is supposed to disable the computer account, but I guess that's not important since I am going to delete the account.  Now that I have my code working, I'll add your code and test it.  Thanks for the help!
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33606656
The code ran without errors, but the computer account still remained in AD.  I'll remove the "on error resume next" and see if I get an error message.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33606774
How'd it go?
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33607100
I get the following error...

Object required: 'oTranslate'
Code: 800A01A8

The error happens on this line...

oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sDomain, sAdminUser, sDomain, sAdminPass

Any ideas why?
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33607280
I have a typo in my code, sorry.

the line: Set oTrasnlate = CreateObject("NameTranslate")
should be: Set oTranslate = CreateObject("NameTranslate")
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33608353
Can't believe I didn't notice that when I copied and pasted it!  Now I'm getting another error...

"Name translation: Could not find the name or insufficient right to see name."

It happens on this line...

    oTranslate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName

Could this be because the computer has been removed from the domain?  I'm thinking it should still work because we are authenticating to the domain.
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33608376
It should still work.  You could try deleting it before you remove it from the domain.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33608758
Ok, I found out that when I supply the domain/computername, it needs to be the short domain name (MyOrg instead of MyOrg.local).  When running the oTranslate.InitEx, the full domain name works.

Now I get to "oComputer.DeleteObject(0)" and I get "permission denied."  Is this because I'm not using my credentials on this line?  The logged in user will not have rights to delete objects, but the credentials I supply will have.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33608784
I think when I "Set oComputer", I need to use credentials.  Do you know if that's possible?
0
 
LVL 8

Expert Comment

by:spinzr0
ID: 33608831
This should do it.  Please note you also need to supply a domain controller.
Sub DeleteComputer(sDomain, sComputerName, sAdminUser, sAdminPass, sDomainController)
    On Error Resume Next

    ' Computer accounts carry a trailing "$" in their NT4 (SAM) name
    If Not Right(sComputerName, 1) = "$" Then sComputerName = sComputerName & "$"

    Const ADS_NAME_INITTYPE_DOMAIN = 1
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1
    Const ADS_SECURE_AUTHENTICATION = &H1
    Const ADS_SERVER_BIND = &H200

    Set oTranslate = CreateObject("NameTranslate")
    oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sDomain, sAdminUser, sDomain, sAdminPass
    oTranslate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName

    If Err.Number <> 0 Then
        Msgbox "Computer not found"
    Else
        ' Bind to the computer object on the named domain controller with explicit credentials
        Set oLDAP = GetObject("LDAP:")
        Set oComputer = oLDAP.OpenDSObject("LDAP://" & sDomainController & "/" & oTrasnlate.Get(ADS_NAME_TYPE_1779), sDomain & "\" & sAdminUser, sAdminPass, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)

        If Err.Number <> 0 Then
            Msgbox "Computer not found"
        Else
            oComputer.DeleteObject(0)
            Msgbox "Deleted computer."
        End If
    End If
End Sub

0
 
LVL 8

Accepted Solution

by:
spinzr0 earned 500 total points
ID: 33608863
And I typoed oTranslate again.  Corrected.
Sub DeleteComputer(sDomain, sComputerName, sAdminUser, sAdminPass, sDomainController)
    On Error Resume Next

    ' Computer accounts carry a trailing "$" in their NT4 (SAM) name
    If Not Right(sComputerName, 1) = "$" Then sComputerName = sComputerName & "$"

    Const ADS_NAME_INITTYPE_DOMAIN = 1
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1
    Const ADS_SECURE_AUTHENTICATION = &H1
    Const ADS_SERVER_BIND = &H200

    ' Translate DOMAIN\COMPUTER$ into a distinguished name using the supplied credentials
    Set oTranslate = CreateObject("NameTranslate")
    oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sDomain, sAdminUser, sDomain, sAdminPass
    oTranslate.Set ADS_NAME_TYPE_NT4, sDomain & "\" & sComputerName

    If Err.Number <> 0 Then
        Msgbox "Computer not found"
    Else
        ' Bind to the computer object on the named domain controller with explicit credentials
        Set oLDAP = GetObject("LDAP:")
        Set oComputer = oLDAP.OpenDSObject("LDAP://" & sDomainController & "/" & oTranslate.Get(ADS_NAME_TYPE_1779), sDomain & "\" & sAdminUser, sAdminPass, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)

        If Err.Number <> 0 Then
            Msgbox "Computer not found"
        Else
            oComputer.DeleteObject(0)
            ' On Error Resume Next hides a failed delete, so check before reporting success
            If Err.Number <> 0 Then
                Msgbox "Delete failed: " & Err.Description
            Else
                Msgbox "Deleted computer."
            End If
        End If
    End If
End Sub

0
 
LVL 5

Author Comment

by:bpl5000
ID: 33613398
Works awesome!  I greatly appreciate all the help!
0
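The pieces worked out in this thread, combined into one script as an added example (not code posted by either participant): it unjoins with option 0, resolves the account with the short domain name, binds to a domain controller with explicit credentials, and stops on the first failure instead of continuing silently. The argument order, the `UNJOIN_NO_OPTIONS` name and reading the password from standard input rather than storing it in the file are assumptions of this example.

```vbscript
' Added example: unjoin the domain, delete the AD computer account, join a workgroup.
' Constructed usage: cscript leave-domain.vbs MyOrg MyOrg.local <domainController> DomainMgr
Option Explicit
Const ADS_NAME_INITTYPE_DOMAIN = 1
Const ADS_NAME_TYPE_1779 = 1
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200
Const UNJOIN_NO_OPTIONS = 0   ' hypothetical name; 0 is the value the asker reported working

Dim sShort, sFqdn, sDC, sUser, sPass, sName, sDN, nRet
Dim oComputer, oTranslate, oLDAP, oAccount

If WScript.Arguments.Count <> 4 Then
    WScript.Echo "Usage: <shortDomain> <dnsDomain> <domainController> <adminUser>"
    WScript.Quit 1
End If
sShort = WScript.Arguments(0) : sFqdn = WScript.Arguments(1)
sDC = WScript.Arguments(2)    : sUser = WScript.Arguments(3)

' Read the password at run time instead of hard-coding it in the script file.
' StdIn requires cscript.exe, and the typed text is echoed to the console.
WScript.StdOut.Write "Password for " & sShort & "\" & sUser & ": "
sPass = WScript.StdIn.ReadLine

sName = CreateObject("WScript.Network").ComputerName
Set oComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    sName & "\root\cimv2:Win32_ComputerSystem.Name='" & sName & "'")

' The WMI methods report failure through their return value, so test it.
nRet = oComputer.UnjoinDomainOrWorkgroup(sPass, sShort & "\" & sUser, UNJOIN_NO_OPTIONS)
If nRet <> 0 Then
    WScript.Echo "Unjoin failed, return code " & nRet
    WScript.Quit 2
End If

' No On Error Resume Next here: any ADSI failure halts the script with its error text.
Set oTranslate = CreateObject("NameTranslate")
oTranslate.InitEx ADS_NAME_INITTYPE_DOMAIN, sFqdn, sUser, sShort, sPass
oTranslate.Set ADS_NAME_TYPE_NT4, sShort & "\" & sName & "$"   ' short domain name
sDN = oTranslate.Get(ADS_NAME_TYPE_1779)
Set oLDAP = GetObject("LDAP:")
Set oAccount = oLDAP.OpenDSObject("LDAP://" & sDC & "/" & sDN, _
    sShort & "\" & sUser, sPass, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)
oAccount.DeleteObject 0
WScript.Echo "Deleted " & sDN

nRet = oComputer.JoinDomainOrWorkgroup("WORKGROUP")
WScript.Echo "Join workgroup return code " & nRet
```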
