Looking for a way to get the computer's machine name before imaging and run a VB script to remove that machine account from AD. I tried to do this via command line by getting the machine name from HKLM\System\controlset001\control\computername and passing that through to dsquery and dsrm, but Windows PE cannot use dsquery or dsrm so that's out the window. The batch command I used to get the name is:
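@echo off
rem Load the offline SYSTEM hive from the installed Windows volume (assumed to be C:\Windows)
reg LOAD HKLM\SYSTEM_00 C:\Windows\system32\config\SYSTEM

rem Query the loaded hive (SYSTEM_00), not WinPE's own HKLM\SYSTEM; no space after NAME=
for /f "tokens=2,*" %%a in ('reg query HKLM\SYSTEM_00\ControlSet001\Control\ComputerName\ComputerName /v ComputerName ^| findstr /i computername') do SET NAME=%%b
reg UNLOAD HKLM\SYSTEM_00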

That may help someone but I doubt it.

As far as the VB script, KACE has the premade "GetComputerName.vbs" which writes the existing computername to a file on the T: drive \petemp. I've found some documentation on removing machines from AD using VBS. Example:

strComputer = "atl-pro-040"

set objComputer = GetObject("LDAP://CN=" & strComputer & _
",CN=Computers,DC=fabrikam,DC=com")
objComputer.DeleteObject (0)

That looks like it would delete a machine if the name was preset, not based off a variable. The problem is my VBS knowledge is basically zero so even though I know where the machine name is stored by the pre-made KACE script I have no idea how to call it or how to script the function of plugging in that name as a variable for the strComputer variable in VBS.

Any help would be appreciated.
Answers

0
matiasm,

So wouldn't the strComputer be

strComputer = %NAME%

since that is the variable of computername that you found in the registry.
If that doesn't work, let me know, I bet we can do something in AutoIT. I already have the getcomputername part working ;)
We would just need to play with the AD part.
Answered 07/12/2011 by: cserrins
Red Belt

0
I would be interested in this as well. Our machines get named "companyname-serialnum" but if we reimage and forget to manually delete the machine account in AD first, it results in a random number.
Answered 07/12/2011 by: mlathrop
Fifth Degree Brown Belt

0
You could use wsname to take care of this for you, using the following switches:
/RCID Rename Computer in Domain
/USER: Name of user with rights to perform the /RCID operation
/PASS: Password of user with rights to perform the /RCID operation
/DELETEEXISTING For use with /RCID, will attempt to delete an existing account with the new name

so:
wsname.exe /N:companyname-$SERIALNUM /rcid /user:username /pass:password /deleteexisting

Corey
Answered 07/12/2011 by: cserrins
Red Belt

0
Well the top line of code is a batch script, the bottom stuff is generic VB Script I found online, how would one go about running all of that at once and passing the batch script variable to the VB Scripts? Also like I said I don't know how to even script in VB I don't even know if the code linked really works. That example looks like it looks into a specific container for a machine account whereas I'd like my script to parse the entire AD structure to make sure it deletes the machine if it exists no matter where it resides in AD, I assume something like this would work:
strComputer = %NAME%

set objComputer = GetObject("LDAP://DC=DOMAIN,DC=net")
objComputer.DeleteObject (0)

but when I try that I get an error of Line 4 Char 1 "The Server is unwilling to process the request". Which to me suggests invalid credentials (of which I don't know how to pass into a VB Script) [:@]

Funny you mention Autoit, I started playing that as well haven't gotten very far other than:
#include <adfunctions.au3>
#include<array.au3>
$compname = RegRead("HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName", "Computername")
_AD_Open ( "user" , "pass" , "domain" , "DC")
_AD_DeleteObject= $compname

Which might work eventually, calling the regread of an offline reghive is the first hurdle I see. I think the VB Script will and I think I'd like to stick with that since it seems to be furthest along.
Answered 07/12/2011 by: matiasm
Orange Senior Belt
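
Added example, not part of the original thread: the snippet in the post above binds to the domain root itself, so DeleteObject is aimed at the domain object rather than at one machine. This VBScript instead resolves the exact account name to its distinguished name wherever it sits in AD, confirms the object is a computer, and deletes only that object. It assumes a boot environment with ADSI available; the script name, argument order, name-file path, domain, server and account values are all placeholders.

```vbscript
' Added example (not from the thread): delete one computer account by exact name.
' Usage (every value is a placeholder):
'   cscript //nologo DeleteComputer.vbs <nameFile> <NETBIOSDOMAIN> <dcHost> <user> <password>
Option Explicit
Const ADS_NAME_INITTYPE_SERVER = 2     ' talk to the named domain controller
Const ADS_NAME_TYPE_1779 = 1           ' distinguished name
Const ADS_NAME_TYPE_NT4 = 3            ' DOMAIN\sAMAccountName
Const ADS_SECURE_AUTHENTICATION = 1

Dim args, fso, re, nt, dso, obj, strName, strDN
Set args = WScript.Arguments
If args.Count <> 5 Then WScript.Echo "5 arguments required" : WScript.Quit 2

' Read the saved machine name (first line of the file written before imaging).
Set fso = CreateObject("Scripting.FileSystemObject")
strName = Trim(fso.OpenTextFile(args(0), 1).ReadLine)

' Accept only a plain NetBIOS name: rejects empty input, wildcards, quotes, commas.
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9-]{1,15}$"
If Not re.Test(strName) Then WScript.Echo "Refusing name: [" & strName & "]" : WScript.Quit 3

' Resolve DOMAIN\NAME$ to a single DN; the account name is unique in the domain.
Set nt = CreateObject("NameTranslate")
nt.InitEx ADS_NAME_INITTYPE_SERVER, args(2), args(3), args(1), args(4)
On Error Resume Next
nt.Set ADS_NAME_TYPE_NT4, args(1) & "\" & strName & "$"
strDN = nt.Get(ADS_NAME_TYPE_1779)
If Err.Number <> 0 Then WScript.Echo strName & " not resolved, nothing deleted: " & Err.Description : WScript.Quit 0
On Error GoTo 0

' Bind to that one object with explicit credentials and check its class first.
Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://" & args(2) & "/" & strDN, args(1) & "\" & args(3), args(4), ADS_SECURE_AUTHENTICATION)
If LCase(obj.Class) <> "computer" Then WScript.Echo "Not a computer object: " & strDN : WScript.Quit 4

obj.DeleteObject 0
WScript.Echo "Deleted " & strDN
```

Because the password travels on the task's command line, use an account delegated only the right to delete computer objects in the OU that holds imaged workstations.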

0
I'm almost 99% sure that you cannot access AD via KACE's WinPE. I looked into it when I wanted to create my naming script so it would do a check in AD before naming the PC and then use the next number in the row.
(our naming standard is [CC][TT][NUMBER]
CC being Country Code
TT Type (PC/LT/VM) PC, Laptop, VMware
Number is just increasing for each PC)

If you wanna access AD from WinPE then you need to import a module, and that is not possible in KACE since it's done automatically.

I had to create a SQL database with all the names in and look into that and find the names in that.

But you should be able to add a PC to AD that already exists if the rights in AD are correct.
Answered 07/13/2011 by: rmeyer
Second Degree Blue Belt

0
rmeyer,

You are correct. However, I have just updated my KBE_direct script so that you can build a KBE that has ADSI built in to it, this will (I tested) allow you to access AD!!!
Now we need to start discussing the possibilities!!

Contact me if you want to try it out and are willing to post results back so we know everything is working 32/64bit, etc, etc.

Corey
Answered 07/13/2011 by: cserrins
Red Belt

  • Hi Corey,

    Do you have any VBS templates for connecting to and effecting changes in AD through this method? I have created a KBE with ADSI drivers using your KBE manipulator, but attempts at actual changes (delete computer account in AD) have failed :(

    -Matt
0
I don't know if this will help, but a friend directed me to these command line utilities, and the Joeware site comes highly recommended:
http://joeware.net/freetools/tools/adfind/index.htm
http://joeware.net/freetools/tools/admod/index.htm
Answered 07/14/2011 by: snissen
Fourth Degree Green Belt

0
ORIGINAL: cserrins

rmeyer,

You are correct. However, I have just updated my KBE_direct script so that you can build a KBE that has ADSI built in to it, this will (I tested) allow you to access AD!!!
Now we need to start discussing the possibilities!!

Contact me if you want to try it out and are willing to post results back so we know everything is working 32/64bit, etc, etc.

Corey


Sweet :)

If only I had some more time to do the testing I would love to, but I'm a bit too busy at the moment making win7 ready for deployment. If I run into something that would make sense I'll drop you a PM :)
Answered 07/18/2011 by: rmeyer
Second Degree Blue Belt

0

Does anyone know if they've figured this out? This is exactly what I'm looking to do. 

Answered 06/28/2012 by: sfigg
Red Belt

0

This is what I do.

First query for the machine..

dsquery computer dc=test,dc=com -name %computername% > T:\dsrm.log

Next for loop then remove

for /f %i in (t:\dsrm.log) do dsrm %i /y

 

Answered 02/26/2013 by: mikesharp1
Second Degree Black Belt

  • You will need dsrm and dsquery in your t:\ drive for WinPE.
  • Thanks, I'll try that. How do I dump the files into the T:\ drive? Is there a hidden samba share I can connect to?
  • You are already pointed to the T:\ by using the greater than sign command. The KBE is mapped already.
  • Look at my other post, I explain more there.
    Thanks!
  • This is going to sound stupid, but the post wasn't that elaborate and I had a question. Do I set this up as a pre-install task or post-install task? And do I just upload the tools in a zip file and call this exact command then? Or is the "next for loop then remove" not part of it? I don't script much, so I'm not sure of the exact command to use.

    dsquery computer dc=test,dc=com -name %computername% > T:\dsrm.log

    Next for loop then remove

    for /f %i in (t:\dsrm.log) do dsrm %i /y
  • Yes, you can do it that way. Just think out of the box.
    Look, what dsquery computer does is query to find the computer and output that to a log file; then using for /f you are pulling that query and putting it in a variable, and removing it with dsrm.

    I know it's a little frustrating figuring things out, but read up on dsrm, download the tools, play in the command line and you'll figure it out.

    This skill level on 1 to 10 is like a 4. You just have to know a little command line.

    best of luck!
  • I don't have a problem learning the basics of DSRM. The problem is that I don't have the time right now given my work load. So if I can ask a simple question just to see if the command works, then great. Once I have something working, it's easier for me to review the command lines and try other things rather than start from scratch and try to figure out why something isn't working.

    Given that, I'm not having success running this as a pre-install task, so I'll have to revisit this later in the year when I have more time to figure out dsrm.
  • First make sure you have the adminpak installed!!!!!!!!!

    Start > Run > cmd, or Start > cmd > Enter.

    Run this. "test" is your domain, ending with your domain suffix below, like dc=test,dc=com, so in English it would look like test.com. We are just breaking it up in the command; dsquery knows what to look for.

    dsquery computer dc=test,dc=com -name %computername% <- that's your computer

    You should see something like this:

    "CN=COMPUTERNAME,OU=COMPUTER,DC=TEST,DC=COM"

    Then run dsrm "CN=COMPUTERNAME,OU=COMPUTER,DC=TEST,DC=COM"
  • U can also use PowerShell for this :-)