Removing AD computer without being part of domain

This topic contains 6 replies, has 4 voices, and was last updated by TomBaker 4 months, 3 weeks ago.

  • #47612
    Cody Everingham
    Participant

    So I'm trying to get rid of an existing computer in the domain; however, I get the following error:
    _____________________________________________________________________________________________________________________________
    WARNING: Error initializing default drive: 'Unable to find a default server with Active Directory Web Services running.
    _____________________________________________________________________________________________________________________________
    Below is a demo of my script:
    _____________________________________________________________________________________________________________________________
    Import-Module Activedirectory
    $adifferentcomputer ="itsHostname"
    $domain = "mydomain.org"
    $password = Get-Content C:\mypassword.txt | ConvertTo-SecureString -asPlainText -Force
    $username = "$domain\myusername"
    $credential = New-Object System.Management.Automation.PSCredential($username,$password)
    Remove-ADComputer -Identity $adifferentcomputer -DomainName $domain -Credential $credential
    _____________________________________________________________________________________________________________________________
    So is there a way of removing a computer from a target domain without being part of it? Am I even going about this the right way? Any input would be appreciated. Thanks!

  • #47616
    Craig Duff
    Participant

    Try adding the -Server parameter and target a DC of that domain.

  • #47618
    Cody Everingham
    Participant

    Right, I would have assumed something along those lines, but Import-Module doesn't seem to support the server parameter according to TechNet.

    Import-Module [-Name] [-Alias ] [-ArgumentList ] [-AsCustomObject] [-Cmdlet ] [-DisableNameChecking] [-Force] [-Function ] [-Global] [-MaximumVersion ] [-MinimumVersion ] [-NoClobber] [-PassThru] [-Prefix ] [-RequiredVersion ] [-Scope {Local | Global} ] [-Variable ] [ ]

    Error when I tried "Import-Module activedirectory -server 'mydomain.org\dc-1'"

  • #47623
    Dan Potter
    Participant

    Remove-ADComputer -Server

  • #47625
    Dan Potter
    Participant

    Alternatively, New-PSDrive -Name anotherdomain -PSProvider ActiveDirectory -Root "dc=anotherdomain,dc=com" -Server dc

  • #47627
    Cody Everingham
    Participant

    That would have worked great; however, I found yet another workaround. I just invoke the command to the DC.
    Something like this, but thanks for the help!

    # Allow the WinRM client to connect to the DC from a machine outside the domain
    winrm set winrm/config/client '@{TrustedHosts="dc-1"}'
    $domain = "mydomain.org"
    # password.txt holds the password in clear text
    $password = Get-Content password.txt | ConvertTo-SecureString -AsPlainText -Force
    $username = "$domain\user"
    $credential = New-Object System.Management.Automation.PSCredential($username, $password)
    # Run the removal on the DC itself
    Invoke-Command -ComputerName dc-1 -Credential $credential -ScriptBlock {
        param($domain, $password)
        Remove-ADComputer -Identity olduser -Confirm
    } -ArgumentList $domain, $password

  • #47677
    TomBaker
    Participant

    Invoke command to a DC will require domain admin rights, whereas the other methods just require the delete object rights.

    Also not a good idea to store domain admin password clear text in a file unless it's a lab.
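
The following is an added example, not part of the original thread or any poster's code: it combines the `-Server` approach suggested above with a credential cache that avoids a clear-text password file, so the account only needs delegated delete rights on computer objects rather than domain admin. The DC name, computer name and credential file path are assumptions.

```powershell
# Added example. Assumed names: dc-1.mydomain.org, OLDPC01 and the credential path.
$Server       = 'dc-1.mydomain.org'   # assumed: a reachable DC running AD Web Services
$ComputerName = 'OLDPC01'             # assumed: computer account to remove
$CredPath     = Join-Path $env:LOCALAPPDATA 'ad-delete-cred.xml'   # assumed path

# A workgroup machine has no default domain, so skip creating the AD: drive.
# This avoids the "Error initializing default drive" warning on import.
$env:ADPS_LoadDefaultDrive = 0
Import-Module ActiveDirectory

# First run: prompt once and cache the credential. On Windows, Export-Clixml
# stores the password encrypted with DPAPI, so only the same user on the
# same machine can decrypt it. Nothing is written in clear text.
if (-not (Test-Path -Path $CredPath)) {
    Get-Credential | Export-Clixml -Path $CredPath
}
$Credential = Import-Clixml -Path $CredPath

try {
    # Resolve the object first so a typo fails here instead of at deletion time.
    $computer = Get-ADComputer -Identity $ComputerName -Server $Server `
        -Credential $Credential -ErrorAction Stop

    # Every AD cmdlet gets -Server and -Credential explicitly because there is
    # no domain context to fall back on. Remove-ADComputer prompts for
    # confirmation by default; that prompt is left in place here.
    Remove-ADComputer -Identity $computer -Server $Server `
        -Credential $Credential -ErrorAction Stop

    Write-Output "Removed $($computer.DistinguishedName)"
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    Write-Warning "No computer account named '$ComputerName' was found via $Server."
}
catch {
    # Typical causes: DC unreachable on the AD Web Services port, bad credential,
    # or the account lacks delete rights on the object.
    Write-Error "Removal failed: $($_.Exception.Message)"
}
```

The cached file is only as safe as the Windows profile that created it, so use a dedicated low-privilege account for the delegated delete right.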
