Sign in
Home
Library
Wiki
Learn
Gallery
Downloads
Support
Forums
Blogs
Resources For IT Professionals
United States (English)
Россия (Pусский)
中国(简体中文)
Brasil (Português)
Post an article
Translate this page
Powered by
Microsoft® Translator
Wikis - Page Details
First published by
Craig Landis
(Microsoft)
When:
12 Mar 2010 11:23 AM
Last revision by
Pantelis44999
When:
8 Jan 2012 12:51 PM
Revisions:
8
Comments:
1
Options
Subscribe to Article (RSS)
Share this
Can You Improve This Article?
Positively!
Click Sign In to add the tip, solution, correction or comment that will help other users.
Report inappropriate content using
these instructions
.
Wiki
>
TechNet Articles
>
How to Reset Secure Channel Remotely Using Script
How to Reset Secure Channel Remotely Using Script
Article
History
How to Reset Secure Channel Remotely Using Script
This topic is a
how to.
Please keep it as clear and simple as possible. Avoid speculative discussions as well as a deep dive into underlying mechanisms or related technologies.
Paste the following VBscript code into Notepad and save it as
getcomplist.vbs
. The script will be used to generate a list of computers from Active Directory.
Be sure to replace
CN=computers,DC=fabrikam,DC=com
with the path that is relevant to your environment.
Const
ADS_SCOPE_SUBTREE
=
2
Set
objConnection
=
CreateObject
(
"
ADODB.Connection
"
)
Set
objCommand
=
CreateObject
(
"
ADODB.Command
"
)
objConnection
.
Provider
=
"
ADsDSOObject
"
objConnection
.
Open
"
Active Directory Provider
"
Set
objCOmmand
.
ActiveConnection
=
objConnection objCommand
.
CommandText
=
_
"
Select Name from 'LDAP://CN=computers,DC=fabrikam,DC=com'
"
_
&
"
Where objectClass='computer'
"
objCommand
.
Properties
(
"
Page Size
"
)
=
1000
objCommand
.
Properties
(
"
Searchscope
"
)
=
ADS_SCOPE_SUBTREE
Set
objRecordSet
=
objCommand
.
Execute
objRecordSet
.
MoveFirst
Do Until
objRecordSet
.
EOF
Wscript
.
Echo objRecordSet
.
Fields
(
"
Name
"
)
.Value
objRecordSet
.
MoveNext
Loop
Run the following command to get the output in a text file.
cscript getcomplist.vbs > complist.txt
Edit
complist.txt
to remove extra lines and spaces.
Create a batch file named remotejoin.bat which will remove the computer from domain and join it back using the Netdom tool.
Be sure to update the commands below with information that is relevant to your environment.
net use y:
\\netbiosnameofdc\share
/User:<netbiosnameofthedomain>\<domainadminaccount> <passwordofthedomainadmin>
copy y:\Netdom.exe %windir%\system32
net use y: /delete
netdom remove %computername% /DOMAIN:<netbiosnameofthedomain> /USERD:<netbiosnameofthedomain>\<domainadminaccount> /PASSWORDD:<passwordofthedomainadmin>
netdom join %computername% /DOMAIN:<netbiosnameofthedomain> /USERD:<netbiosnameofthedomain>\<domainadminaccount> /PASSWORDD:<passwordofthedomainadmin> /REBOOT
The first three lines are mapping Y: drive to shared folder on a domain controller where Netdom.exe resides and then copies it locally on the client machine. Later netdom is run to remove and join back the computer to domain.
Run
remotejoin.bat
on the client machines remotely using the
Psexec
tool.
Create another batch file named
initiate.bat
which will read the computer names from
complist.txt
and run
remotejoin.bat
using Psexec on remote computers.
For /F "delims=; " %%I in (C:\complist.txt) Do PSExec
\\%%I
-u %%I\Administrator -p <Remote Computer Admin Password> -c C:\remotejoin.bat -e -f
Make sure that you have placed complist.txt, remotejoin.bat and psexec.exe on the C: drive on a domain controller.
Run initiate.bat.
Active Directory