After calling this method, restart the affected computer to apply the changes.
The Unjoin a Computer from a Domain VBScript sample unjoins the local computer from its current domain and disables the computer account.
The Unjoin a Computer from a Domain using VBS script sample unjoins a specified computer from a domain. .
Example
Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.
param
(
[Parameter(Mandatory)]
[UInt32]
$FUnjoinOptions,
[Parameter(Mandatory)]
[String]
$Password,
[Parameter(Mandatory)]
[String]
$UserName
)
$query = 'Select * From Win32_ComputerSystem'
Invoke-CimMethod -Query $query -MethodName UnjoinDomainOrWorkgroup -Arguments $PSBoundParameters |
Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
switch ([int]$this.ReturnValue)
{
0 {'Success'}
default {"Unknown Error $_"}
}
}
To run this method on one or more remote systems, use New-CimSession:
param
(
[Parameter(Mandatory)]
[UInt32]
$FUnjoinOptions,
[Parameter(Mandatory)]
[String]
$Password,
[Parameter(Mandatory)]
[String]
$UserName,
[String[]]
$ComputerName,
[PSCredential]
$Credential
)
$session = New-CimSession -ComputerName $ComputerName -Credential $Credential
$query = 'Select * From Win32_ComputerSystem'
Invoke-CimMethod -Query $query -MethodName UnjoinDomainOrWorkgroup -Arguments $PSBoundParameters -CimSession $session |
Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
switch ([int]$this.ReturnValue)
{
0 {'Success'}
default {"Unknown Error $_"}
}
}
Remove-CimSession -CimSession $session
Learn more about
Invoke-CimMethodand invoking WMI methods.
Syntax
uint32 UnjoinDomainOrWorkgroup(
[in] string Password,
[in] string UserName,
[in] uint32 FUnjoinOptions =
);
Parameters
| Name | Type | Description |
|---|---|---|
| FUnjoinOptions | UInt32 | The FUnjoinOptions parameter specifies the unjoin options. If this parameter is NETSETUP_ACCT_DELETE, the account is disabled when the unjoin occurs. Note that this option does not delete the account. Currently, there are no other unjoin options defined. 2 bit - Acct Delete - Delete the account when a domain is left. The method returns a 0 if no options are involved. |
| Password | String | If the UserName parameter specifies an account name, the Password parameter must point to the password to use when connecting to the domain controller. Otherwise, this parameter must be NULL. Password and Username must use a high authentication level (i.e. no less than RPC_C_AUTHN_LEVEL_PKT_PRIVACY) when they connect to winmgmt (i.e. in the call to obtain the IWbemServices interface) or SetProxyBlanket on their IWbemServices ptr. If they are local to winmgmt then this is not a concern because their authentication level is as good as RPC_C_AUTHN_LEVEL_PKT_PRIVACY as well as their client request never goes over the wire to get to the winmgmt. If Password and Username are left null, the provider does not care. If the provider determines that the authentication level is too low and a Password or Username has been specified then WBEM_E_ENCRYPTED_CONNECTION_REQUIRED will be returned. |
| UserName | String | The Username parameter is a pointer to a constant null-terminated character string that specifies the account name to use when connecting to the domain controller. The string must specify either a domain NetBIOS name and user account (for example, “REDMOND\user”) or the user principal name (UPN) of the user in the form of an Internet-style login name (for example, “[email protected]”). If this parameter is NULL, the caller’s context is used. Blank password is passed by using an empty string Password and Username must use a high authentication level (i.e. no less than RPC_C_AUTHN_LEVEL_PKT_PRIVACY) when they connect to winmgmt (i.e. in the call to obtain the IWbemServices interface) or SetProxyBlanket on their IWbemServices ptr. If they are local to winmgmt then this is not a concern because their authentication level is as good as RPC_C_AUTHN_LEVEL_PKT_PRIVACY as well as their client request never goes over the wire to get to the winmgmt. If Password and Username are left null, the provider does not care. If the provider determines that the authentication level is too low and a Password or Username has been specified then WBEM_E_ENCRYPTED_CONNECTION_REQUIRED will be returned. |
FUnjoinOptions
[Flags()]Enum ComputerSystemFUnjoinOptions
{
AccountDelete = 4 # Disable the Active Directory account after the unjoin operation, but do not delete the account.
}
Return Value
Returns a value of type UInt32. Return values:
$returnValues = @{
0 = 'Success'
}
See Also
Additional methods implemented by Win32_ComputerSystem:
JoinDomainOrWorkgroup()
JoinDomainOrWorkgroup() adds a computer system to a domain or workgroup.
Rename()
Rename() renames a local computer.
SetPowerState()
SetPowerState() not implemented.
Requirements
To use Win32_ComputerSystem, the following requirements apply:
PowerShell
Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.
If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.
Operating System
Win32_ComputerSystem was introduced on clients with Windows Vista and on servers with Windows Server 2008.
Namespace
Win32_ComputerSystem lives in the Namespace Root/CIMV2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance.
Implementation
Win32_ComputerSystem is implemented in CIMWin32.dll and defined in CIMWin32.mof. Both files are located in the folder C:\Windows\system32\wbem:
explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\CIMWin32.mof