userspace:active_directory_-_join_leave_relocate_ou

Differences

This shows you the differences between two versions of the page.

userspace:active_directory_-_join_leave_relocate_ou [2015/09/30 18:24]
larsg [Active Directory client management, join/leave/relocate ou]
userspace:active_directory_-_join_leave_relocate_ou [2015/09/30 18:39]
larsg [Uninstall]
Line 1: Line 1:
-====== Active Directory client management, join/leave/relocate ou ======+====== Active Directory client management, join/unjoin/relocate ou ======
  
-   created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30+created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30
  
    * tested under windows 7    * tested under windows 7
Line 8: Line 8:
  
 With this package, you can join or leave a domain, and in theory change the ou-path for the client within a domain (still experimental, details below). With this package, you can join or leave a domain, and in theory change the ou-path for the client within a domain (still experimental, details below).
-These three functions are conveniently assigned to the action requests setup (join), uninstall (leave), update (relocate).+These three functions are conveniently assigned to the action requests setup (join), uninstall (unjoin), update (relocate).
  
 This package relies on three product properties: This package relies on three product properties:
    * **domain_ou**    * **domain_ou**
  
-**domain_ou** must follows this syntax: ''[domain.tld][/ou_1/ou_2]'', both segments are independent and optional +''domain_ou'' must follows this syntax: ''[domain.tld][/ou_1/ou_2]'', both segments are independent and optional 
 and only taken into account when joining a domain or relocating to another ou. when a client shall leave a domain, required information are gathered  and only taken into account when joining a domain or relocating to another ou. when a client shall leave a domain, required information are gathered 
 from operating system. from operating system.
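Review bot: The rename from "leave" to "unjoin" is only half done in this hunk. The changed line now reads "uninstall (unjoin)", but the unchanged lines around it still say "join or leave a domain" and "when a client shall leave a domain", so the page mixes both terms for the same action. Use one term throughout. The rewritten syntax line also keeps "must follows" (should be "must follow"), and the list entry still uses bold for domain_ou while its description switched to monospace.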
Line 24: Line 24:
    * **password**    * **password**
  
-**username** must include the domain it belongs to, either like ''DOMAIN\username'' or ''username@domain.tld'', and it has to be  +''username'' must include the domain it belongs to, either like ''DOMAIN\username'' or ''username@domain.tld'', and it has to be  
 an account with sufficient privileges to join/unjoin clients to/from the domain(s) you want to manage. an account with sufficient privileges to join/unjoin clients to/from the domain(s) you want to manage.
  
-if a client currently is in a domain and shall join another, you need one account with sufficient privileges for +''username'' and ''password'' are prunned from productproperties upon every successful execution, so that they won't remain for 
-both domains, f.e. a trusted management domain containing such administrative accounts.  +
- +
-otherwise you have to do both steps seperately with different accounts. +
- +
-**username** and **password** are prunned from productproperties upon every successful execution, so that they won't remain for +
 everyone to see in cleartext. //i hope an option for password-masking in productproperties will be available soon.// everyone to see in cleartext. //i hope an option for password-masking in productproperties will be available soon.//
  
 ==== Setup ==== ==== Setup ====
 +if a client currently is in a domain and shall join another, this script will try to unjoin from the current domain,
 +and then joined to the new domain, with the same administrative account you provided. so you will need one account with sufficient privileges for
 +both domains, f.e. a trusted management domain containing such administrative accounts. otherwise, you have to do both steps
 +seperately - first unjoin, then join, with different accounts.
 +
 <code winst> <code winst>
 [Actions] [Actions]
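Review bot: The credential sentence only covers the success path. It says username and password are "prunned from productproperties upon every successful execution", which leaves open whether a failed join or unjoin keeps the password of a privileged account readable in cleartext in the product properties. State what happens on failure, and if the values are kept, tell the reader to clear them by hand after a failed run. The new Setup paragraph makes this more important, because it asks for one account with sufficient privileges for both domains; a sentence recommending an account whose rights are limited to joining and unjoining clients would fit there. Typos in the added lines: "prunned" (pruned), "seperately" (separately), and "will try to unjoin ... and then joined" (and then join).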
Line 252: Line 252:
  
 ==== Uninstall ==== ==== Uninstall ====
 +It seems that actually deleting computer accounts from a domain upon unjoin is currently not possible, so keep in mind that you need to manually delete the account if you want it to be gone, f.e. to re-use the name for another computer. //I am planning to add this as an optional feature.//
 +
 <code winst> <code winst>
 [Actions] [Actions]
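Review bot: "It seems that ... is currently not possible" in the added Uninstall paragraph is too vague for an operational note. It does not say whether this is a limit of this package or of the account used, and a reader cannot tell what state the directory is left in. Say plainly that the package unjoins the client but leaves its computer account in the domain, and that the account has to be deleted manually afterwards. Since the paragraph already mentions name re-use, it would help to list that manual cleanup as an explicit step of the uninstall procedure rather than a side remark.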
Line 281: Line 283:
  showBitmap "%ScriptPath%\domain.png" "Active Directory"   showBitmap "%ScriptPath%\domain.png" "Active Directory" 
  message "Leave domain " + $DomainCurrent$  message "Leave domain " + $DomainCurrent$
- ;leave domain+ ;unjoin domain
  execwith_vbs_domain_unjoin cscript //nologo //e:vbs  execwith_vbs_domain_unjoin cscript //nologo //e:vbs
  sub_check_domain_unjoin  sub_check_domain_unjoin
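Review bot: The comment is renamed to ";unjoin domain", but the user-visible string one line above it is unchanged and still reads message "Leave domain " + $DomainCurrent$. If the page is standardising on "unjoin", change the message text in the same edit so the script output matches the documentation and the call name execwith_vbs_domain_unjoin.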
userspace/active_directory_-_join_leave_relocate_ou.txt · Last modified: 2021/08/23 08:37 (external edit)