2

I am trying create a script to remove a computer from a domain using remove-computer -unjoincredentials domain\admin -passthru However, I consistently receive an error stating that

remove-computer : Failed to unjoin computer 'web140127105714' from domain 'domain.com' with the following error message: Access is denied. At line:1 char:1 + remove-computer -UnjoinDomainCredential domain\admin -PassThru + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (web140127105714:String) [Remove-Computer], InvalidOperationException + FullyQualifiedErrorId : FailToUnjoinDomain,Microsoft.PowerShell.Commands.RemoveComputerCommand

The account I am using is a domain administrator with full access. I have confirmed that the account can manually unjoin from the domian.

Jon
  • 227
  • 2
  • 6
  • 15
  • I assume adding the -Force switch does not help, right? Are you able to remote onto the machine with the Domain admin account? – websch01ar Jan 31 '14 at 15:32
  • Just curious, are you on an elevated PowerShell console? I.e. did you right click and launch it as Administrator? – Adil Hindistan Jan 31 '14 at 15:53
  • wow Adil, I cannot believe I did not even try that yet... it didn't register to me that might be the case since I am able to join the domain in a non elevated console. Is there a way to run a script automatically under elevated privileges? – Jon Jan 31 '14 at 16:05
  • Well, my preferred way of doing that is to use 'scheduled tasks' where you can chose to run it as 'elevated' – Adil Hindistan Jan 31 '14 at 16:08

3 Answers3

2

Some operations on the console require you to be on an elevated PowerShell session. You can start your PowerShell session as Admin by right clicking on it and choosing 'Run as Administrator'. Then run the remove-computer cmdlet in that console session. Default title of the Administrator PowerShell console is 'Administrator : Windows PowerShell'. You can identify the window that way

Adil Hindistan
  • 6,351
  • 4
  • 25
  • 28
  • How Run As Administrator a PS Remoting ? I use C:\Windows\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File "\\server\temp\test.ps1" domain\user pass "C:\temp" – Kiquenet Apr 24 '14 at 10:04
1

There is no such parameter as -unjoincredentials

http://technet.microsoft.com/en-us/library/hh849816.aspx

Cole9350
  • 5,444
  • 2
  • 34
  • 50
  • 1
    Sorry, that was a typo on my part. As shown in the error, i used `-UnJoinDomainCredential` – Jon Jan 31 '14 at 16:00
1

Sounds like the OP found his answer, so here is a powershell self elevating example for future readers. Add to the top of your scripts and it will re-launch itself elevated so we don't have to right click and 'Run As Administrator'.

$WID=[System.Security.Principal.WindowsIdentity]::GetCurrent();
$WIP=new-object System.Security.Principal.WindowsPrincipal($WID);
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator;
If ($WIP.IsInRole($adminRole)){
}else {
  $newProcess = new-object System.Diagnostics.ProcessStartInfo 'PowerShell';
  $newProcess.Arguments = $myInvocation.MyCommand.Definition
  $newProcess.Verb = 'runas'
  [System.Diagnostics.Process]::Start($newProcess);Write-Host 'Prompting for Elevation'
  exit
}
#####################
# Add Scripts Below #
#####################
Write-Host 'ElevatedCodeRunsHere';
Write-Host 'Press any key to continue...'
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown')

Powershell start-process script calls a second script - how to make one script only

Community
  • 1
  • 1
Knuckle-Dragger
  • 6,644
  • 4
  • 26
  • 41