Removing a machine from domain using PowerShell

Question

I was tasked to develop a PS script to remove machines from the domain for automation purposes. I am not a full time scripter so i went ahead and did some digging and found this :

"Remove-Computer -UnjoinDomaincredential nsmg\svc_unjoindomain -PassThru -Verbose -Restart -force"

when i run it on my test computer that is currently joined to my company computer i get this error: "Remove-Computer : Failed to unjoin computer 'TX0001QVE7P8I' from domain 'X' with the following error message: Access is denied. At line:1 char:1

Remove-Computer -UnjoinDomaincredential DOMAIN1/DOMAIN ADMIN -PassTh ...

  + CategoryInfo          : OperationStopped: (TX0001QVE7P8I:String) [Remove-Computer], InvalidOperationException
  + FullyQualifiedErrorId : FailToUnjoinDomain,Microsoft.PowerShell.Commands.RemoveComputerCommand"

I have replaced the syntax to match my domain as well as gave it a domain admin account but still getting this error. could you guys tell me what i could possibly be missing?

score 1 · Answer 1 · answered Dec 13 '21 at 20:59

1

As per documentation, the parameter -UnjoinDomainCredential requires a PSCredential object; you can't simply type the credentials in the command line.

You can find more info about how to build a PSCredential object here.

answered Dec 13 '21 at 20:59

Massimo

70,200
57
200
323

I followed that document as well but I am still getting the same results. I have created what I believe to be the PSCredentials by adding the following parameters below: ____________________________________________________________________________________________________ $domain = "domain" $username = "$domain\username" $password = "password" | ConvertTo-SecureString -asPlainText -Force $credential = New-Object System.Management.Automation.PSCredential($username, $password) Remove-Computer -UnjoinDomaincredential ( $credential ) -PassThru -Verbose -Restart – user944655 Dec 13 '21 at 21:22
$credential = New-Object System.Management.Automation.PsCredential("domain\account", (ConvertTo-SecureString "Password" -AsPlainText -Force)) Remove-Computer -UnjoinDomaincredential $credential -WorkgroupName "workgroup" -PassThru -Verbose -Restart – user944655 Dec 13 '21 at 22:01
Make sure the credentials you are using are actually valid and the specified user account has the required permissions to remove the computer from the domain. You can test that by manually performing a domain unjoin on a computer using the same user account. – Massimo Dec 13 '21 at 22:47
Also, you will (of course) need to run your command with local administrator rights. The credentials you are supplying are only used to tell to the domain that you are removing the computer, but you'll also need to run the command itself as a local admin. If you are testing this in PowerShell, remember to use `Run As Administrator`. – Massimo Dec 13 '21 at 22:51
Thank you @Massimo, it worked!! – user944655 Dec 14 '21 at 21:54

Removing a machine from domain using PowerShell

1 Answers1