How to remove computers from other domains?

Hello, we have three domains: domain1, domain2, domain3.
I have a list of computers that I need to remove from domain2.
Once I enter the PowerShell session with my domain admin account, the session is created under domain1.

Get-Content C:\Users\domainadmin-SA\Documents\ComputerList.txt | Remove-ADComputer -WhatIf

How do I create the PSSession under domain2 so that when I read the computer list the computer accounts are removed?

Thanks
namergSystems AdministratorAsked:

Daniel_PLDB Expert/ArchitectCommented:
Hi,

Please check this:
$cred_domain2=Get-Credential;
Get-Content C:\Users\domainadmin-SA\Documents\ComputerList.txt | % { Get-ADComputer -Filter { Name -eq $_ }  -server "domain2dc.com" } | Remove-ADComputer -Verbose -Credential $cred_domain2 -WhatIf;

0
namergSystems AdministratorAuthor Commented:
Hmmm, I was expecting to see a verbose after the -WhatIf but nothing. Does it mean that all is good? Hmmm, thanks.
0
Daniel_PLDB Expert/ArchitectCommented:
That's because it doesn't implement Verbose nor Debug directly in its code.
https://docs.microsoft.com/en-us/powershell/module/addsadministration/remove-adcomputer

If you want to slow down a bit, you can use the -Confirm switch to be prompted for each deletion.
0
namergSystems AdministratorAuthor Commented:
Never mind, I just tested it with a few computers, removed the FQDN and it seems to be working, but I get the following:

Remove-ADComputer : A referral was returned from the server
At line:1 char:169
+ Get-Content C:\Users\\domain1admin\Documents\ComputerList.txt | % { Get-ADComputer -Filter { Name -eq $_ }  -server "domain2.prod.lcl" } | Remove-
ADComputer <<<<  -Verbose -Credential $cred_domain2
    + CategoryInfo          : ResourceUnavailable: (CN=computer...,DC=domain2,DC=lcl:ADComputer) [Remove-ADComputer], ADReferralException
    + FullyQualifiedErrorId : A referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.RemoveADComputer

0
Daniel_PLDB Expert/ArchitectCommented:
This means there's an error in object naming, because I've forgotten to pass the credential to Get-ADComputer :/
$cred_domain2=Get-Credential;
Get-Content C:\Users\domainadmin-SA\Documents\ComputerList.txt | % { Get-ADComputer -Filter { Name -eq $_ }  -server "domain2dc.com"  -Credential $cred_domain2} | Remove-ADComputer -Verbose -Credential $cred_domain2 -WhatIf;

0
namergSystems AdministratorAuthor Commented:
Hmm, same error.

Performing operation "Remove" on Target "CN=computer,OU=odiak Prod,OU=Servers,DC=domain2,DC=local".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y
Remove-ADComputer : A referral was returned from the server
At line:1 char:194
+ Get-Content C:\Users\domain1admin\Documents\ComputerList.txt | % { Get-ADComputer -Filter { Name -eq $_ }  -server "domain1DC01.domain2.local"  -Credential
 $cred_domain2} | Remove-ADComputer <<<<  -Verbose -Credential $cred_domain2
    + CategoryInfo          : ResourceUnavailable: (CN=computer...,DC=domain2,DC=local:ADComputer) [Remove-ADComputer], ADReferralException
    + FullyQualifiedErrorId : A referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.RemoveADComputer

0
namergSystems AdministratorAuthor Commented:
I meant
domain2DC01.domain2.local

not domain1DC01.domain2.local.
0
Daniel_PLDB Expert/ArchitectCommented:
I'd check if search is working
[array]$adComputers=$null;
Get-Content C:\Users\domain1admin\Documents\ComputerList.txt | % { $adComputers+=$(Get-ADComputer -Filter { Name -eq $_ }  -server "domain2DC01.domain2.local" -Credential $cred_domain2)}

$adComputers | ft -autosize

0
namergSystems AdministratorAuthor Commented:
Hmm, something got missed. I do see a prompt like >>
0
Daniel_PLDB Expert/ArchitectCommented:
This should be more clear. How do you delimit data in C:\Users\domain1admin\Documents\ComputerList.txt file? Newline, comma?

[array]$adComputers=$null;
$computers=Get-Content C:\Users\domain1admin\Documents\ComputerList.txt;
foreach ($computer in $computers) {
$adComputer=Get-ADComputer -Filter { Name -eq $_ } -server "domain2DC01.domain2.local" -Credential $cred_domain2;
$adComputers+=$adComputer;
}
if ($adComputers) {
$adComputers | ft -autosize;
} else {
Write-Host "[WARNING] No data found";
}

0
namergSystems AdministratorAuthor Commented:
New line.
0
namergSystems AdministratorAuthor Commented:
Ohh man, I thought it was going to be simpler...
0
namergSystems AdministratorAuthor Commented:
I am running through command line.

Will the following work with the right values ?

[array]$adComputers=$null;
$computers=Get-Content C:\Users\domain1admin\Documents\ComputerList.txt;
foreach ($computer in $computers) { $adComputer=Get-ADComputer -Filter { Name -eq $_ }  -server "domain2DC01.domain2.local" -Credential $cred_domain2; $adComputers+=$adComputer; } }
if ($adComputers) { $adComputers | ft -autosize; } else { Write-Host "[WARNING] No data found"; }

0
Daniel_PLDB Expert/ArchitectCommented:
The case is in this part: Get-ADComputer -Filter { Name -eq $_ }. It depends on what you pass from your file.
You can practise different results by adjusting the following command; this will return everything. Compare your computer names with the data in your file. Check how it is being split with the foreach operator. In case you have them placed one per line, you can change the iterator from the above code to this: foreach ($computer in $computers.Split()) {.

Get-ADComputer -Filter * -SearchBase "CN=computer,OU=odiak Prod,OU=Servers,DC=domain2,DC=local" -Server "domain2DC01.domain2.local" -Credential $cred_domain2;


I don't know how to express it more clearly :)
0
namergSystems AdministratorAuthor Commented:
I know the second part will work; we have a trusted domain controller and I can query without passing credentials. I cannot use Notepad++, only the CLI. You follow me? I need to enter the code through the CLI. Thanks.
0
namergSystems AdministratorAuthor Commented:
I get this:

PS C:\users\domain1admin\Documents\GetComputers.ps1
Get-ADComputer : Variable: '_' found in expression: $_ is not defined.
At C:\users\domain1admin\Documents\GetComputers.ps1:4 char:27
+ $adComputer=Get-ADComputer <<<<  -Filter { Name -eq $_ } -server "domain2DC01.domain2.local" -Credential $cred_domain2;
    + CategoryInfo          : InvalidArgument: (:) [Get-ADComputer], ArgumentException
    + FullyQualifiedErrorId : Variable: '_' found in expression: $_ is not defined.,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

0
Life1430Sr EngineerCommented:
Try running a PowerShell command on a different computer; please refer to the link below.

https://blogs.technet.microsoft.com/heyscriptingguy/2013/12/11/use-powershell-to-create-remote-session/
0
namergSystems AdministratorAuthor Commented:
@Sarang, I tried that and it did not work. I guess I will delete the computers manually. :( Ohh well..
0
footechCommented:
Have you just tried using the -server parameter with your Remove-ADComputer command?  Any AD cmdlet will target a server in the local domain unless you tell it otherwise.  In other examples above I've seen where the -server parameter is specified to retrieve the computer accounts, but then isn't used for the remove command.
$cred_domain2 = Get-Credential
Get-Content C:\Users\domainadmin-SA\Documents\ComputerList.txt | Remove-ADComputer -server "domain2DC01.domain2.local" -Credential $cred_domain2 -whatif

1
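
An added example, not code posted by any participant in this thread: it puts the two points raised above into one script, using the loop variable instead of `$_` inside `foreach` and passing the same -Server to both the lookup and the delete. The server name and list path reuse the thread's values; the host-name pattern and the variable names are assumptions.

```powershell
# Added example (not from the thread). Server and path are the thread's values;
# replace them with your own. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$server   = 'domain2DC01.domain2.local'   # a DC in the domain that owns the accounts
$listPath = 'C:\Users\domainadmin-SA\Documents\ComputerList.txt'
$cred     = Get-Credential                # account with delete rights in domain2

# One name per line; drop blank lines and stray whitespace.
$names = Get-Content -Path $listPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }

$found   = @()
$missing = @()
foreach ($name in $names) {
    # Assumption: plain host names (letters, digits, hyphen). Anything else is
    # skipped so list content can never alter the filter expression.
    if ($name -notmatch '^[A-Za-z0-9-]+$') {
        Write-Warning "Skipping unexpected entry: '$name'"
        continue
    }
    # Inside foreach the loop variable is $name; $_ is only set in a pipeline.
    # A string filter expands $name before the AD module parses it.
    $computer = Get-ADComputer -Filter "Name -eq '$name'" -Server $server -Credential $cred
    if ($computer) { $found += $computer } else { $missing += $name }
}

if ($missing) {
    Write-Warning ("Not found on {0}: {1}" -f $server, ($missing -join ', '))
}

# Review exactly what would be deleted before changing anything.
$found | Format-Table Name, DistinguishedName -AutoSize

# The delete must name the same server; without -Server the cmdlet contacts a
# DC in the local domain and fails with "A referral was returned from the server".
# Remove -WhatIf only after the preview matches the intended list.
$found | Remove-ADComputer -Server $server -Credential $cred -WhatIf
```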

namergSystems AdministratorAuthor Commented:
That was it footech. You da man. Yes, it needed the -server parameter in the Remove-ADComputer. I did create a Test Computer account and it got deleted.
0
namergSystems AdministratorAuthor Commented:
Thumbs Up.
0
footechCommented:
Glad to help.
0
Powershell


Question has a verified solution.
