Hi,
If you run an Active Directory environment in your infrastructure, there is one thing you do for sure: remove computers from and add computers to the domain.
Sometimes when you format a user's computer and add it to the domain again, you get an error that "Computer Already exists in the domain". Or say you have multiple remote offices where syncing / replication between the DCs is slow, and you need to delete that computer from all DCs, including the local and remote domain controllers.
I wrote this small script, which deletes the given computer account on every DC in your replicated server list. Before running the script, make sure you have the "Active Directory" module installed.
This script works for me and I hope it works for you too.
You can download the script from here: http://gallery.technet.microsoft.com/scriptcenter/Remove-Computer-Account-326f1e22
#########################################################
# Import module
Import-Module ActiveDirectory

# Variables
$computer = $env:Computername   # Name of the computer account you want to remove
$localdc = "Dc-XXXX"            # Change to your local DC
$credentials = Get-Credential   # These should be admin credentials

# AD: check that the account exists, then build the list of replica DCs
$ADResult = (Get-ADComputer -Filter {cn -like $computer} -Server "$localdc" -Credential $credentials).Name -eq $computer
$dclist = (Get-ADDomain -Server "$localdc" -Credential $credentials).ReplicaDirectoryServers
$arrDc = @()
foreach ($obj in $dclist) {
    $nlist = $obj.Replace(".XYZ.com","")   # Replace XYZ.com with your domain name
    $arrDc += $nlist
}

# To actually remove the account from AD, remove -WhatIf and uncomment -Confirm:$false
if ($ADResult -eq $true) {
    Write-Host -ForegroundColor Red "$computer exists in AD, I am going to remove it"
    foreach ($dc in $arrDc) {
        Remove-ADComputer -Identity "$computer" -Server $dc -Credential $credentials -WhatIf #-Confirm:$false
        Write-Host $([char]7)   # Console bell
        Write-Host "$computer is deleted on $dc " -ForegroundColor Green
    }
}
## End of Script ##
Thanks for Reading.
Aman Dhally
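A read-only check to run before or after the script above, as an added example that is not part of the original post: it queries every DC listed in ReplicaDirectoryServers and reports where the computer object is still present, so you can see whether a deletion has replicated. The function name Test-ADComputerOnAllDCs, its parameters, the 15-character name pattern and the sample name LAPTOP-01 are assumptions made for this example.

```powershell
# Added example (not from the original script): read-only presence check on all replica DCs.
# Test-ADComputerOnAllDCs is a hypothetical helper name.
Import-Module ActiveDirectory

function Test-ADComputerOnAllDCs {
    [CmdletBinding()]
    param(
        # Assumption: NetBIOS-style name. The pattern also keeps quotes and
        # wildcards out of the filter string built below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
        [string]$ComputerName,

        [Parameter(Mandatory)]
        [string]$Server,          # DC used to enumerate the replica list

        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential
    )

    $dcList = (Get-ADDomain -Server $Server -Credential $Credential).ReplicaDirectoryServers

    foreach ($dc in $dcList) {
        $status = 'Absent'
        $detail = $null
        try {
            # Exact match on Name; -ErrorAction Stop turns connection failures into catchable errors.
            $found = @(Get-ADComputer -Filter "Name -eq '$ComputerName'" -Server $dc `
                           -Credential $Credential -ErrorAction Stop)
            if ($found.Count -gt 0) {
                $status = 'Present'
                $detail = $found.DistinguishedName -join '; '
            }
        }
        catch {
            # A DC behind a bad link is reported separately instead of being counted as "Absent".
            $status = 'Unreachable'
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            DomainController = $dc
            ComputerName     = $ComputerName
            Status           = $status
            Detail           = $detail
        }
    }
}

# Usage (LAPTOP-01 is a constructed sample name):
# Test-ADComputerOnAllDCs -ComputerName 'LAPTOP-01' -Server 'Dc-XXXX' -Credential (Get-Credential) | Format-Table -AutoSize
```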
You don't need to delete the account from every domain controller, nor do you really need to specify one. All you need to do is run the remove-adobject cmdlet and you will automatically connect to the nearest DC. The domain controllers will replicate the change. I think you are asking for replication errors if you try to remove the object from multiple domain controllers all at once.
This is also the type of script where you can benefit from cmdlet binding and parameters. You can turn on -Whatif
[cmdletbinding(SupportsShouldProcess=$True)]
Param(
[string]$computer = $env:Computername,
[string]$localdc = "Dc-XXXX",
$credentials = (Get-Credential)
)
Now if you run the script
.\delcomp.ps1 computer1 -whatif
All the cmdlets that support -WhatIf will automatically use -Whatif
Thanks for the Suggestion Jeffery.
But the problem arises when you just reformat your laptop, and before joining it to the domain you need to specify the domain controller to remove the account first to add it again.
For example:
if we are planning to automate the domain joining after reformatting the laptops, then this script helps, doesn't it?
Thanks for your post, Jeffery Hicks.
thanks
aman
I went back and re-read your intro. I understand why you think you need to delete from all DCs but I still think you are asking for trouble. If you delete it from the DC in the site where you are adding the computer, that should be sufficient. Or perhaps this is a sign that you should look into your replication topology.
100% agreed with you, "Jeffery Hicks". This is because of replication problems, and we are working on it.
And yes, if we delete a computer from one DC it will be deleted from all DCs.
In our scenario we have some remote offices where we have connectivity issues, so I wrote this script because it is quite fast and I am sure that the computer account is deleted from all DCs :)
thanks Jeffery
aman