Systems Management Question

Unjoin a computer from domain before reimaging

01/24/2014 5727 views

I'd like to unjoin a computer from our domain before a machine is reimaged with the K2000.  When our sites need to reimage a machine, they reimage with the same name, and they call me to remove it.  Most imaging at our sites is done on weekends and after hours.  This would save some late night and weekend phone calls.  Our domain is locked down, and our remote sites don't have rights to remove.  I'm hopiing someone out there would have a script to do this.

Answer Summary:
2 Comments   [ + ] Show comments


  • Try this method...What we do is make sure there is no network connection to the domain, then dis-join it (without being able to talk to a DC) The account will then stay in AD. When we rejoin it to the domain it uses the same account it had used before. It has worked for us to re-image hundreds of PC's.
  • What we do is rename the computer before re-imaging and reboot it. We add OLD to the end of the name. Then it's easy to clean up the machine from AD, our AV server, etc. i.e. we just search for machines that end in *OLD and delete them. This would also allow you to re-use a name if you need it. It's a manual method, though.

All Answers


Here is a really good primer on how to script for ADSI. It contains a lot of good information, including some examples on how to delete objects.


Answered 01/24/2014 by: BHC-Austin
4th Degree Black Belt


If you have a K1000 you could use the primer above, or just some simple command lines, to create a script with variables for the machine name; once created you could publish this in the user portal (limited to certain user label hopefully) and allow a user/tech with less AD rights to execute. Once it is removed, reimage the machine as usual.


Another idea might be to change the naming convention so that the machine name is more unique. You could do this with automation such as WSNAME and do Something that includes the date or time in the machine name (along with useful things like Serial number, OS etc). By joining AD under a new name would remove the need the remove the old record prior to reimage; less than ideal because you'd have old records, but solves the need for keeping the users from calling you maybe.

Answered 01/26/2014 by: cblake
Red Belt


I have a vbscript that runs as a post install task that runs before my domain join script. Works a treat.





Answered 01/29/2014 by: Gavio
White Belt

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ