1

Due to COVID and all, we've got people all over the world returning to the office. However a lot of them haven't been in in over 60 days, causing the DC to block the laptops. Normally we unjoin the domain, reboot and rejoin. However this is not feasible to do physically with 200+ computers scattered around the world.

Due to the above I've been looking into doing it through CMD. I got most of it working, but when giving the wmic computersystem where name!=null call unjoindomainorworkgroup command on the machine (through a psexec remotely) I get the below feedback:

C:\WINDOWS\system32>wmic computersystem where name!=null call unjoindomainorworkgroup
.Executing (\\COMPUTERNAME\ROOT\CIMV2:Win32_ComputerSystem.Name="COMPUTERNAME")->unjoindomainorworkgroup()
Method execution successful.

Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 5;
};

However when I reboot and call the list of domains, it still shows the domain as joined:

C:\WINDOWS\system32>wmic computersystem get domain
Domain
DOMAIN.local

Any clues where I'm going wrong or pointers to do this more efficiently?

DragonSlayer666
  • 13
  • 1
  • 5
  • The correct way to exclude names which have no value, should be `%SYSTEMROOT%\System32\wbem\WMIC.exe ComputerSystem WHERE "Name IS NOT NULL" CALL …` – Compo Jul 02 '21 at 14:38
  • BTW, `5` is a general system error code for Access is Denied, so the WinMgmt local caller context is not running with a high enough authentication level to perform the task. _And just to reiterate my last comment, you are essentially excluding any `Name` with a case insensitive string value of `null`, not those which have no value_. – Compo Jul 02 '21 at 16:30

0 Answers0