K2000 - ADCI script to remove machine from Domain?
I just found out that we can add ADCI drivers to the KBE boot environment, and someone had mentioned that there should be a script that will remove the machine from AD. Ideally, I was thinking that I could add it as the last mid-level task, so after it has deployed successfully, I can have the script that will remove it from AD.
Anyone know how to do this? I'm new to this ADCI thing, so keep that in mind :)
Answers (1)
Not sure why you want to remove a machine from the domain as a mid level task, should not be in a domain then.
What are ADCI drivers, do you mean AHCI? When I have to add a driver I attach as admin to my k2000 and place them in the \\ikbox\drivers\kbe_windows_x86\kace for 32bit ones or \\ikbox\drivers\kbe_windows_x64\kace for 64bit ones and then recompile my boot environments to add the drivers.
We recently switched all 1500 of our academic machines from one domain to a new domain. We imported all the machine names to the correct OU.s with power shell prior
I used these two lines:
This line used wmic and removed them from the domain.
start /wait Wmic computersystem where name="%computername%" call unjoindomainorworkgroup
I then use kace's k2000 join_domain.vbs to join them to the new domain with no reboot in between the lines. rebooted after, then updated policies and we were done.
start /wait cscript.exe -b c:\windows\w2d\join_domain.vbs tmccacad.tmcc.edu installer xxxxxxxx 10.16.19.7
Comments:
-
If we go to reimage a machine, and it's already on the domain, it won't join the domain. I don't have rights to manage AD, so it's a constant battle to get networking to remove it for us. The wname /rcid commands won't work with the way we have our image setup (does wname first, reboots, then joins to domain with our VBE script) - sfigg 12 years ago
-
What are you using to join the domain? Something doesn't sound right. Post the script. - dugullett 12 years ago
-
We reimage two times a year in the classrooms. The machines are in the domain. We pxe boot them reimage and I then use the join_domain.vbs to join them since the names are already in AD. The user you use to join the domain has to have rights to modify the current machine objects in AD for this to work correctly, talk to the server gods to get this gift. That user then just updates the info. The bad side of this, if you have a machine on the domain that is off and you image one with that same name your new machine goes on the domain and breaks the trust relationship with the other one so when it comes up it cannot logon - SMal.tmcc 12 years ago
-
When we first tested the new domain our joiner user could only join machines not already in the domian. Our server guy said he gave our joiner user all rights to the machine objects in the ou's, they tried just create and delete but it did not work so they gave the account all rights. Ask your server group what machine rights the user you join the machines to the domain has. - SMal.tmcc 12 years ago