Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Delete Domain Admins from local 'Administrators' group on server.

Status
Not open for further replies.

0LaoyanG0

MIS
Nov 12, 2002
25
US
Here's my situation. I have a script that works great to remove the "Domain Admins" from my server.
What's the problem you wonder.....
It works great as long as you are logged onto the domain.
My problem is that when I join the domain, I want to immediately delete the "Domain Admins" group from the local "Administrators" group.

Here's the script...

Call RemoveDomainGroupFromLocalGroup("Domain Admins","Administrators")
MsgBox "Done!"
Sub RemoveDomainGroupFromLocalGroup(varDomainGroupName,varLocalGrouName)
Set oWshNet = CreateObject("WScript.Network")

'get computer name
strComputer = oWshNet.ComputerName

'sets string for local computer group
Set objGroup = GetObject("WinNT://" & strComputer & "/" & varLocalGrouName)

'Bind to the Domain Group in the local system you want to remove.
Set objUser = GetObject("WinNT://DomainName/" & varDomainGroupName)

'ignore errors that will result if group is not there
On Error Resume Next
'MsgBox objUser.ADsPath
objGroup.Remove(objUser.ADsPath)
On Error Goto 0

Set oWshNet = Nothing
Set objGroup = Nothing
Set objUser = Nothing
End Sub

Now what I want to do is, after I join the domain, I want to just run the script to delete the "Domain Admins" group. When I run the script I get the error on the following line:
Set objUser = GetObject("WinNT://DomainName/" & varDomainGroupName)

I can't remember offhand but it said it couldn't find the local machine.

If you are going to replicate this, build a server 2003 box, join a domain, DO NOT REBOOT!!!, and run the script.

Any help on this would be greatly appreciated. For a lame workaround I am opening the MMC to prompt to delete through the GUI. I know, lame because real men don't click!

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top