Ryan-4905 asked

Remove-ADComputer for remote server on a different domain

Hi

I'm trying to delete the "testserver" AD object via PowerShell. This works if the "testserver" is on the same domain as my laptop where I'm running my script from (dmn1.contoso.local). However, if the "testserver" is on dmn2.contoso.local, this command will search for the AD object on dmn1, not dmn2.

How can I modify this command so it will search all domains within the contoso.local forest for this server?

 Remove-ADComputer -Identity "testserver"

RichMatheisen-8856 answered

Have you tried adding the -Server parameter and using a DC in dmn2.contoso.local? How about using a Distinguished Name for the -Identity parameter?

If you use Get-ADComputer and pipe the result into Remove-ADComputer does that work?

Is there more than one Computer object in the AD that has the same name?

Are you a domain admin in the dmn2.contoso.local domain?



Ryan-4905 answered

Hi,

Thanks for your response. I should've mentioned that this will be part of a much larger script, and the server could be on any one of our domains. I need to be able to query what domain the server is on and then remove the AD object from it.

I am a domain admin on all our domains.


RichMatheisen-8856 answered

Whether or not it's part of a larger script, you didn't answer the questions. So, let's assume that you have NOT tried using the -Server parameter and a specific DC in the "other" domain. Neither have you said whether you can get the computer object by using Get-ADComputer without using the -Server parameter and the name of a DC in the "other" domain.

So, let me suggest something (assuming that all your domains are in the same AD forest): try "Get-ADComputer <name> -Server <GlobalCatalogServer>:3268" (you can use Get-AdDomainController to find one rather than hard-code it; use the parameters "-Discover -Service GlobalCatalog").

If that finds the computer, get the distinguishedName value and extract the domain name from that and find a DC using "Get-AdDomainController -Discover <domain-name>". Then use the (or one of the) DC name/s in the Remove-ADComputer cmdlet.
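
The global catalog procedure from the answer above, as an added PowerShell example that is not part of the original thread; it goes beyond the answer by refusing to delete when the name matches zero or several objects in the forest. `Remove-ForestComputer` and `ConvertTo-DnsDomain` are hypothetical helper names, and the code assumes the ActiveDirectory module and a single forest.

```powershell
#Requires -Modules ActiveDirectory

# Turn the DC= components of a distinguished name into a DNS domain name.
function ConvertTo-DnsDomain {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Split on commas that are not escaped with a backslash.
    $labels = $DistinguishedName -split '(?<!\\),' |
        Where-Object { $_ -match '^\s*DC=' } |
        ForEach-Object { ($_ -replace '^\s*DC=', '').Trim() }
    $labels -join '.'
}

# Hypothetical wrapper name; not a cmdlet from the ActiveDirectory module.
function Remove-ForestComputer {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Restricting the name to NetBIOS characters keeps it safe inside -Filter.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
        [string]$Name
    )

    # 1. Search the whole forest through a global catalog (port 3268).
    $gc = Get-ADDomainController -Discover -Service GlobalCatalog
    $gcHost = @($gc.HostName)[0]
    $found = @(Get-ADComputer -Filter "Name -eq '$Name'" -SearchBase '' -Server "${gcHost}:3268")

    # 2. Refuse to guess: zero or several matches means nothing is deleted.
    if ($found.Count -ne 1) {
        throw "Expected exactly one computer named '$Name' in the forest, found $($found.Count)."
    }

    # 3. Derive the owning domain from the DN and locate a writable DC there.
    $dn = $found[0].DistinguishedName
    $domain = ConvertTo-DnsDomain -DistinguishedName $dn
    $dc = Get-ADDomainController -Discover -DomainName $domain -Writable
    $dcHost = @($dc.HostName)[0]

    # 4. Delete by DN against that DC, so the object removed is the one found.
    if ($PSCmdlet.ShouldProcess($dn, "Remove-ADComputer on $dcHost")) {
        Remove-ADComputer -Identity $dn -Server $dcHost -Confirm:$false
    }
}

# Dry run with the name from the question; drop -WhatIf to delete.
Remove-ForestComputer -Name 'testserver' -WhatIf
```

Logging the distinguished name and DC that `ShouldProcess` reports gives the larger script an audit trail of which object was removed from which domain.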


Ryan-4905 answered

Apologies, I misunderstood your initial post and what you meant by using the -server switch. I didn't realise that -server was not referring to the AD computer object (what I would refer to as the server), but instead refers to the domain.

I tried running the below from a computer that was on dmn1.contoso.local, and it worked. You were spot on!

 Remove-ADComputer -Identity "testserver" -server "dmn2.contoso.local"

