This topic is a how to.
Please keep it as clear and simple as possible. Avoid speculative discussions as well as a deep dive into underlying mechanisms or related technologies.
  1. Paste the following VBscript code into Notepad and save it as getcomplist.vbs. The script will be used to generate a list of computers from Active Directory.

    Be sure to replace CN=computers,DC=fabrikam,DC=com with the path that is relevant to your environment.

    Const ADS_SCOPE_SUBTREE = 2

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")

    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"

    Set objCOmmand.ActiveConnection = objConnection objCommand.CommandText = _
    "Select Name from 'LDAP://CN=computers,DC=fabrikam,DC=com' " _
    & "Where objectClass='computer'"
    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF
        Wscript.Echo objRecordSet.Fields("Name").Value
        objRecordSet.MoveNext
    Loop
  2. Run the following command to get the output in a text file.

    cscript getcomplist.vbs > complist.txt
  3. Edit complist.txt to remove extra lines and spaces.
  4. Create a batch file named remotejoin.bat which will remove the computer from domain and join it back using the Netdom tool.

    Be sure to update the commands below with information that is relevant to your environment.

    net use y: \\netbiosnameofdc\share /User:<netbiosnameofthedomain>\<domainadminaccount> <passwordofthedomainadmin>
    copy y:\Netdom.exe %windir%\system32
    net use y: /delete
    netdom remove %computername% /DOMAIN:<netbiosnameofthedomain> /USERD:<netbiosnameofthedomain>\<domainadminaccount> /PASSWORDD:<passwordofthedomainadmin>
    netdom join %computername% /DOMAIN:<netbiosnameofthedomain> /USERD:<netbiosnameofthedomain>\<domainadminaccount> /PASSWORDD:<passwordofthedomainadmin> /REBOOT

    The first three lines are mapping Y: drive to shared folder on a domain controller where Netdom.exe resides and then copies it locally on the client machine. Later netdom is run to remove and join back the computer to domain.
  5. Run remotejoin.bat on the client machines remotely using the Psexec tool.
  6. Create another batch file named initiate.bat which will read the computer names from complist.txt and run remotejoin.bat using Psexec on remote computers.

    For /F "delims=; " %%I in (C:\complist.txt) Do PSExec \\%%I -u %%I\Administrator -p <Remote Computer Admin Password> -c C:\remotejoin.bat -e -f

    Make sure that you have placed complist.txt, remotejoin.bat and psexec.exe on the C: drive on a domain controller.
  7. Run initiate.bat.


See Also