Remove-ADComputer for remote server on a different domain

Ryan 21 Reputation points
2020-07-28T19:22:48.143+00:00

Hi

I'm trying to delete the "testserver" AD object via PowerShell. This works if the "testserver" is on the same domain as my laptop where I'm running my script from (dmn1.contoso.local). However, if the "testserver" is on dmn2.contoso.local, this command will search for the AD object on dmn1, not dmn2.

How can I modify this command so it will search all domains within the contoso.local forest for this server?

Remove-ADComputer -Identity "testserver"

Accepted answer
  1. Rich Matheisen 44,776 Reputation points
    2020-07-28T21:20:12.193+00:00

    Have you tried adding the -Server parameter and using a DC in dmn2.contoso.local? How about using a Distinguished Name for the -Identity parameter?

    If you use Get-ADComputer and pipe the result into Remove-ADComputer does that work?

    Is there more than one Computer object in the AD that has the same name?

    Are you a domain admin in the dmn2.contoso.local domain?


3 additional answers

  1. Ryan 21 Reputation points
    2020-07-29T18:19:37.593+00:00

    Hi,

    Thanks for your response. I should've mentioned that this will be part of a much larger script, and the server could be on any one of our domains. I need to be able to query what domain the server is on and then remove the AD object from it.

    I am a domain admin on all our domains.


  2. Rich Matheisen 44,776 Reputation points
    2020-07-29T18:58:43.033+00:00

    Whether or not it's part of a larger script, you didn't answer the questions. So, let's assume that you have NOT tried using the -Server parameter and a specific DC in the "other" domain. Neither have you said whether you can get the computer object by using Get-ADComputer without using the -Server parameter and the name of a DC in the "other" domain.

    So, let me suggest something (assuming that all your domains are in the same AD forest): try "Get-ADComputer <name> -Server <GlobalCatalogServer>:3268" (you can use Get-AdDomainController to find one rather than hard-code it; use the parameters "-Discover -Service GlobalCatalog").

    If that finds the computer, get the distinguishedName value and extract the domain name from that and find a DC using "Get-AdDomainController -Discover <domain-name>". Then use the (or one of the) DC name/s in the Remove-ADComputer cmdlet.

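The Global Catalog lookup described in the answer above, written out as one script. This is an added example, not code posted by anyone in the thread; the function name `Remove-ForestComputer` is hypothetical, and it assumes plain host names (letters, digits, hyphens) and that all domains are in one forest.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (name not from the thread): find a computer object
# anywhere in the forest, then delete it on a DC of the domain that holds it.
function Remove-ForestComputer {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Assumption: plain host names only, so the value is safe inside -Filter.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
        [string]$Name
    )

    # Locate a Global Catalog instead of hard-coding one.
    $gc = Get-ADDomainController -Discover -Service GlobalCatalog
    $gcServer = "$($gc.HostName):3268"

    # An empty SearchBase on the GC port searches every domain partition;
    # the default base would cover only the GC's own domain.
    $found = @(Get-ADComputer -Filter "Name -eq '$Name'" -SearchBase '' -Server $gcServer)

    if ($found.Count -eq 0) { throw "No computer object named '$Name' found in the forest." }
    if ($found.Count -gt 1) {
        # Same name in several domains: refuse to guess which one to delete.
        throw "Ambiguous name '$Name': $($found.DistinguishedName -join '; ')"
    }

    $dn = $found[0].DistinguishedName

    # Build the DNS domain name from the DC= components of the DN,
    # splitting only on commas that are not backslash-escaped.
    $domain = (($dn -split '(?<!\\),') -match '^DC=' -replace '^DC=', '') -join '.'

    # The GC holds a read-only copy; the delete must go to a writable DC of that domain.
    $dc = [string](Get-ADDomainController -Discover -DomainName $domain -Writable).HostName

    if ($PSCmdlet.ShouldProcess($dn, "Remove computer object via $dc")) {
        Remove-ADComputer -Identity $dn -Server $dc -Confirm:$false
    }
}

# Dry run: shows which object and DC would be used, deletes nothing.
Remove-ForestComputer -Name 'testserver' -WhatIf
```

Passing the distinguished name rather than the short name to `Remove-ADComputer` means the object deleted is exactly the one the catalog search returned.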

  3. Ryan 21 Reputation points
    2020-07-30T16:50:45.797+00:00

    Apologies, I misunderstood your initial post and what you meant by using the -server switch. I didn't realise that -server was not referring to the AD computer object (what I would refer to as the server), but instead refers to the domain.

    I tried running the below from a computer that was on dmn1.contoso.local, and it worked. You were spot on!

    Remove-ADComputer -Identity "testserver" -server "dmn2.contoso.local"
    