Actually, I do/did leave the domain in the normal Windows way. But the (former) domain member computer still always show both in ADUC and samba-tool group listmembers "Domain Computers". So, I normally do a 2nd step by deleting the computer with ADUC. After doing so the computer no longer shows with samba-tool group listmembers "Domain Computers". I was simply looking for a way to do this 2nd step with samba-tool if ADUC happens to not be available. I don't see "remove" as a subcommand option for my 'samba-tool computer'. Perhaps that is not available in the version I am running, 4.8.2? THX --Mark On Thu, 30 May 2019 08:46:47 +0100 Rowland penny <rpenny at samba.org> wrote:> > On 30/05/2019 05:43, Mark Foley via samba wrote: > >> Hi Mark, can I ask just what you are trying to achieve ? > > Well, it's rather simple. I want to remove a domain member from the domain. Normally, I do that > > with ADUC, no problem. But for some reason I was having trouble with ADUC (since resovled, > > magically), so I thought I'd try the same thing using samba-tool. That's it really. > If you are referring to a Windows computer, then you should log into it > and leave the domain in the normal Windows way. A Unix domain member is > similar, you just run 'net ads leave -U Administrator' in a terminal > > > > You wrote further: > > > >> I hope you can see that trying to remove a computer from Domain Computers will not work because > >> the 'backlinks' do not exist. > > Fine, I can live with that. But then how do you actually remove a member computer from the > > domain? Is ADUC the only way to do it? > > > if, after the computer leaves the domain, the computers object is still > in AD and you wish to remove it, you can do this with 'samba-tool > computer remove' > > Rowland >
On 30/05/2019 12:57, Mark Foley via samba wrote:> Actually, I do/did leave the domain in the normal Windows way. But the (former) domain member > computer still always show both in ADUC and samba-tool group listmembers "Domain Computers". > So, I normally do a 2nd step by deleting the computer with ADUC. After doing so the computer > no longer shows with samba-tool group listmembers "Domain Computers".This shows the problem with emails to a mailing list, this is the first time you have described just what you do and why you do it ;-)> > I was simply looking for a way to do this 2nd step with samba-tool if ADUC happens to not be > available. > > I don't see "remove" as a subcommand option for my 'samba-tool computer'. Perhaps that is not > available in the version I am running, 4.8.2? >Sorry, should have mentioned it, the 'computer' commands were added at 4.9.0. Rowland
On Thu, 30 May 2019 13:20:32 +0100 Rowland penny <rpenny at samba.org> wrote:> > On 30/05/2019 12:57, Mark Foley via samba wrote: > > Actually, I do/did leave the domain in the normal Windows way. But the (former) domain member > > computer still always show both in ADUC and samba-tool group listmembers "Domain Computers". > > So, I normally do a 2nd step by deleting the computer with ADUC. After doing so the computer > > no longer shows with samba-tool group listmembers "Domain Computers". > This shows the problem with emails to a mailing list, this is the first > time you have described just what you do and why you do it ;-) > > > > I was simply looking for a way to do this 2nd step with samba-tool if ADUC happens to not be > > available. > > > > I don't see "remove" as a subcommand option for my 'samba-tool computer'. Perhaps that is not > > available in the version I am running, 4.8.2? > > > Sorry, should have mentioned it, the 'computer' commands were added at > 4.9.0. > > Rowland >OK, so bottom-line, there is no (simple) mechanism to remove a domain member computer from the domain prior to 4.9.0, right? Use ADUC. --Mark