[Solved] Disjoin a domain without domain admin account

Forums

My Profile

Inbox

Address Book

My Subscription

My Forums

[Solved] Disjoin a domain without domain admin account

Logged in as: Guest

arrSession:exec spGetSession 2,2,56012

	Active Users: There are 0 members and 0 guests.
	Users viewing this topic: none

Printable Version

All Forums >> [Scripting] >> WSH & Client Side VBScript >> [Solved] Disjoin a domain without domain admin account
Do you like VisualBasicScript.com? Link to us and help spread the word about our forum. Thanks!

Page: [1]

Message

<< Older Topic Newer Topic >>

[Solved] Disjoin a domain without domain admin account - 1/27/2008 7:26:20 PM

netxman

Posts: 104
Score: 0
Joined: 8/1/2005
Status: offline

Is it possible to disjoin PC from a domain to workgroup by using script and w2k3 toolkit NetDom?

If manually do the job, windows will prompt you to input old domain account and password but you can leave blank and click enter. The PC will be disjoined old domain after reboot.

Can I do this through script? I want to do the job remotely if vbs is possible.
Thanks.

< Message edited by netxman -- 2/2/2008 3:06:31 PM >

Post #: 1

RE: Disjoin a domain without domain admin account - 1/28/2008 12:20:49 AM

twilliamsen

Posts: 195
Score: 0
Joined: 1/18/2007
Status: offline

Are you sure it will disjoin it? I thought you needed to be a domain admin.

(in reply to netxman)

Post #: 2

RE: Disjoin a domain without domain admin account - 1/28/2008 1:22:50 AM

SAPIENScripter

Posts: 276
Score: 2
Joined: 11/1/2006
From: SAPIEN Technologies
Status: offline

Sure, you can use NETDOM to do this. You still need domain admin credentials but you can easily do it in a batch file.

netdom /remove DESKTOP01 /domain:MYDOMAIN /userd:MYDOMAIN\administrator /passwordd:admin-password /reb:10

Of course, if you are running the command with domain admin credentials, you don't have to specify /userd. One thing I can't recall is if the computer name can be DESKTOP01 or \\DESKTOP01.

_____________________________

Jeffery Hicks
Windows PowerShell MVP
SAPIEN Technologies - Scripting, Simplified. www.SAPIEN.com

Follow Me: http://www.twitter.com/JeffHicks

(in reply to netxman)

Post #: 3

RE: Disjoin a domain without domain admin account - 1/28/2008 12:06:53 PM

netxman

Posts: 104
Score: 0
Joined: 8/1/2005
Status: offline

Yes, twilliamsen I'm sure. It's no problem to do that by manually.

SAPIENScripter, yes there is no any problem if I have the old domain admin credentials but I have not.

So are there any ways to disjoin it without NetDom and without domain admin credentials?

I'm curiously about the difference between manually job and netdom.

(in reply to SAPIENScripter)

Post #: 4

RE: Disjoin a domain without domain admin account - 1/28/2008 11:47:13 PM

DiGiTAL.SkReAM

Posts: 1183
Score: 7
Joined: 9/6/2005
From: Florida, USA
Status: offline

Uhm, you can pull the computer out of the domain as long as you are a LOCAL admin on the box. The computer's domain account will still be there, and the DCs will all still think that it is a domain member, but the computer itself will consider itself part of a workgroup, and won't recognize domain logons any longer.
you have to be a DOMAIN admin to delete the domain account of the computer at the same or later time.

_____________________________

"Would you like to touch my monkey?" - Dieter (Mike Meyers)

"It is better to die like a tiger, than to live like a pussy."
-Master Wong, from Balls of Fury

(in reply to netxman)

Post #: 5

RE: Disjoin a domain without domain admin account - 1/29/2008 3:18:45 AM

netxman

Posts: 104
Score: 0
Joined: 8/1/2005
Status: offline

DiGiTAL.SkReAM

How to pull the computer out of the domain using script or something else? I'm the local admin on the box. I dont care about the computer's old domain account.

Bucause I need to add the computer to a new domain by using NetDom.exe which needs the computer belongs to workstation first.

Hope the further help.

Thanks.

(in reply to DiGiTAL.SkReAM)

Post #: 6

RE: Disjoin a domain without domain admin account - 1/29/2008 11:14:05 PM

Phil_E

Posts: 9
Score: 0
Joined: 1/29/2008
Status: offline

Try this (modified sample script from http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true):

This will run as a local administrator and will remove the server from the domain and add it a workgroup of the same name.
(You will need to restart after running)

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = objComputer.Domain
intReturn = objComputer.UnjoinDomainOrWorkgroup (NULL,NULL,0)

(in reply to netxman)

Post #: 7

RE: Disjoin a domain without domain admin account - 1/31/2008 8:47:28 AM

mcds99

Posts: 433
Score: 4
Joined: 2/28/2006
Status: offline

If using MS encryption you don't want to quit a domain until all the data is decrypted.

If you do you will have to join the domain again and I've seen that not work.

I know a guy who killed the only domain controler on a network, not good.

_____________________________

Sam

Keep it Simple Make it Fun KiSMiF

(in reply to Phil_E)

Post #: 8

RE: Disjoin a domain without domain admin account - 2/1/2008 7:52:41 PM

netxman

Posts: 104
Score: 0
Joined: 8/1/2005
Status: offline

Thanks Phil_E. Actually it works and no any passwords required.

Also thanks the kind advice of mcds99, I 'm not dealing with DC just some client PCs and few of them using MS encryption.

Then I need time to work on how to join another domain at the same time while disjoining action is done but not reboot. IF reboot, users cannot logon to the system because the computer domain account information is missing. I'm not sure if it will work after one time reboot.

(in reply to mcds99)