To the best of my knowledge netdom /remove can only remove a machine that is currently online. I just tried your syntax (netdom remove /d:domain machinename /ud:domain\username /pd:password) from the command prompt on a normal WinXP machine. The command works if machinename is present on the network and fails ("network path not found") if it isn't. The reason is that a netdom remove doesn't just delete the computer account. It issues RPC calls to machinename to remove it from the domain.
The command line tool that you should be using is dsrm.exe (standard command on Win2k3).
Sorry for giving you false hopes - when I tried dsrm after writing the above, I could not get it to work on WinPE. When I try dsrm under WinPE, it keeps telling me it doesn't like my command line syntax, even though the exact same syntax works under Win2003. Domain membership can't make the difference since the Win2003 on which the command works wasn't a domain member.
Thanks for your efforts; I will have a look as well today or tomorrow.
It would be great if device removal from AD could somehow be included in OSD, as it’s a prerequisite (SIDs etc.). It would therefore remove a manual task from the re-imaging process. Sounds as if it could be a touch tricky though.
Hello Trent, Jan,
One hint: normally it is not necessary to delete an XP machine from AD if you use the same computer name.
On Windows NT 4.0 you must delete it... On W2000 we did it too (no idea if it was needed), but not on XP (unless we change the name).
One problem can occur if you have many, many domain controllers and their synchronization doesn't work well... but then you have other problems too :-)
We have a few DCs and a couple on slow links, and it's a bit hit and miss with regard to corrupt SIDs and GPO issues, so as a rule of thumb we delete before imaging.
Have you tried to use a LOCEXEC command in the script?
A LOCEXEC has the Core Server perform an action. Why have the Core Server send the action to WinPE and then have WinPE do it? The Core Server could do the action itself.
See the Using Custom Scripts document.
LOCEXEC1234=netdom remove /d:domain %Computer - Device Name% /ud:domain\username /pd:password, STATUS SYNC
Good thinking - just one thing: unless you're doing a vboot and you issue the netdom remove before the reboot to WinPE, a netdom remove won't work any better from the core server than from WinPE. The problem is that netdom remove wants to talk to the machine being removed. A LOCEXEC of a dsrm should work, however.
Thanks once again. Before I drown myself in Notepad, do you have any suggestions on how this could be implemented in an imaging scenario? Would the command suggested just be added to the Preboot section?
I am sure that the preboot section runs when you PXE boot, however, I am not 100% sure that a LOCEXEC command would be skipped in the preboot command.
I would put it right after the REMPING=WinPE line.
But my curiosity would make me test it as the first line in the script to see if it gets skipped on a PXE boot.
I have to delete the computer account for multiple reasons, and I use a VBScript just after the sysprep.
The name of the computer is injected in the sysprep.
Here is my VBScript file:
On Error Resume Next
Const ADS_SCOPESUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1
'set up an ADO connection to AD with explicit credentials
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = "yourDomain\youruserName"
objConnection.Properties("Password") = "yourPassword"
objConnection.Properties("Encrypt Password") = True
objConnection.Properties("ADSI Flag") = 1
'get the machine name
Set objWshNetwork = WScript.CreateObject("WScript.Network")
strComputer = objWshNetwork.ComputerName
'address of DC
strDomain = "192.168.1.1"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
'objCommand.Properties("Page Size") = 100
'objCommand.Properties("Cache Results") = False
'objCommand.Properties("Search scope") = ADS_SCOPESUBTREE
'look up the computer account in AD
objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='computer' " & _
    "AND Name='" & strComputer & "'"
Set objRecordSet = objCommand.Execute
strADsPath = ""
While Not objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath").Value
    If strADsPath = "" Then
        'MsgBox "Computer not yet found."
    Else
        'MsgBox "Computer path: " & strADsPath
        'bind to the computer object with the same credentials
        Set objNS = GetObject("LDAP:")
        Set objComputer = objNS.OpenDSObject(strADsPath, "yourDomain\youruserName", "YourPassword", ADS_SECURE_AUTHENTICATION)
        'delete the computer account; the posted listing ends before this step,
        'so DeleteObject and the closing lines below are an assumed completion
        objComputer.DeleteObject 0
    End If
    objRecordSet.MoveNext
Wend
Afterwards I use Netdom to join the domain in a specific OU.
You can encrypt this file in VBE using the Microsoft Script Encoder tool from here: http://www.microsoft.com/downloads/details.aspx?familyid=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en
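A variant of the script above for the LOCEXEC approach discussed earlier in the thread, added here as an example and not posted by any participant: it runs on the core server under the calling account, so no domain password sits in the script, and it validates the computer name before it goes into the LDAP filter. It assumes the account running it has been delegated the right to delete computer objects; the script file name and passing the device name as an argument are hypothetical.

```vbscript
' Added example (not from the thread). Assumes it runs on a domain-joined core server
' under an account delegated to delete computer objects; no password is stored here.
' Hypothetical invocation: cscript //nologo RemoveComputerAccount.vbs MACHINENAME
Option Explicit
Dim strComputer, objRegEx, objRootDSE, strDomainDN
Dim objConnection, objCommand, objRecordSet, objComputer, intDeleted

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript RemoveComputerAccount.vbs <computername>"
    WScript.Quit 2
End If
strComputer = WScript.Arguments(0)

' Accept only letters, digits and hyphens so the value cannot alter the LDAP filter.
Set objRegEx = New RegExp
objRegEx.Pattern = "^[A-Za-z0-9-]{1,15}$"
If Not objRegEx.Test(strComputer) Then
    WScript.Echo "Rejected computer name: " & strComputer
    WScript.Quit 2
End If

' Locate the domain through rootDSE instead of a hard-coded DC address.
Set objRootDSE = GetObject("LDAP://rootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")

' Search with the credentials of the calling account (no User ID/Password properties).
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "<LDAP://" & strDomainDN & ">;" & _
    "(&(objectCategory=computer)(sAMAccountName=" & strComputer & "$));" & _
    "ADsPath;subtree"
Set objRecordSet = objCommand.Execute

intDeleted = 0
Do Until objRecordSet.EOF
    Set objComputer = GetObject(objRecordSet.Fields("ADsPath").Value)
    objComputer.DeleteObject 0   ' removes the account and any child objects
    WScript.Echo "Deleted " & objRecordSet.Fields("ADsPath").Value
    intDeleted = intDeleted + 1
    objRecordSet.MoveNext
Loop
objConnection.Close
If intDeleted = 0 Then
    WScript.Echo "No computer account found for " & strComputer
    WScript.Quit 1
End If
```

Because there is no On Error Resume Next, a failed bind or delete stops the script with an error instead of silently continuing to the imaging step.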