Windows Server 2016 – three ways for clients to go out of domain


We mentioned the operation method of adding domain to the client. This chapter supplements the operation process of domain client’s domain exit, including three methods: graphical, netdom remove and PowerShell. The specific contents are as follows:

Graphical method of domain withdrawal:

1. Win key, right-click computer property:


2. In the system interface, select “change settings” in the computer name, domain and workgroup settings fields:


3. In the system properties interface, select change:


4. In the change interface subordinate box, select a workgroup and type the information of the workgroup you want to join, and confirm:


5. Prompt “after leaving the domain, you need to know the password of the local administrator account to log in to the computer. Click OK to continue:


6. Successfully joined the working group. Restart the computer according to the prompt:


7. Workgroup client validation:

7.1. The system attribute interface determines that the computer information belongs to the working group workgroup:


7.2. In the active directory user and computer management console, select computers to view the computer status as disabled:


7.3. There is no previous record of corresponding computer name and IP address information a in DNS Manager Console:


7.4. The local login account is the system administrator account:



Netdom remove undock method:

A. open the command prompt as an administrator, and enter the following command to exit the domain:

netdom remove %comptername% /d:azureyun.local /userd:azureyun.local\administrator /passwordd:abc.123!


B. restart the computer and view the information of active directory users and computers in the computer according to the prompts:


C. check that there is no a record information in DNS Manager:


D. view the current login account information:



PowerShell domain exit method:

Remove computer removes a computer from the domain“Delete computer “It will also be banned.ComputerDomain account for. You must provide explicit credentials to unjoin a computer from its domain, even if they are the credentials of the current user. You must restart your computer for the changes to take effect. In addition, when you remove a computer from a domain, you must move it to a workgroup. UseWorkgroupNameParameter specifies the workgroup.

Remove-Computer [-UnjoinDomainCredential] [-ComputerName ] [-Confirm] [-Force] [-LocalCredential ] [-PassThru] [-Restart] [-WhatIf] [-WorkgroupName ] []
Remove-Computer [[-UnjoinDomainCredential] ] [-Confirm] [-Force] [-PassThru] [-Restart] [-WhatIf] [-WorkgroupName ] []

Example 1: remove the local computer from its domain

Remove-Computer -UnjoinDomaincredential azureyun\admin -PassThru -Verbose -Restart

This command usesUnjoinDomainCredentialParameter provides credentials for the domain administrator. Its usePassThruParameters andVerboseGeneral parameters to display information about the success or failure of the command, and use theRestartParameter, which is necessary to complete the delete operation.

Because the command does not specify a workgroup name, the local computer will be moved to the workgroup after it is removed from its domain.

Example 2: moving multiple computers to legacy workgroups

Remove-Computer -ComputerName (Get-Content OldServers.txt) -LocalCredential azureyun\admin -UnJoinDomainCredential azureyun\admin -WorkgroupName “Legacy” -Force -Restart

This command removes all the computers listed in the oldservers.txt file from its domain and includes them in older workgroups.

This command usesLocalCredentialParameter provides the credentials of the user authorized to connect to the remote computer, andUnjoinDomainCredentialParameter to provide the credentials of the user who has permission to remove the computer from its domain. Its useForceParameter to disable the confirmation prompt for each computer and use theRestartParameter to restart each computer after it has been removed from its domain.

Example 3: force computer removal from Workgroup

Remove-Computer -ComputerName “scserver”, “localhost” -UnjoinDomainCredential azureyun\admin -WorkgroupName “Local” -Restart -Force

This command removes the scserver remote and local computers from their domains and adds them to the local workgroup. Its useForceParameter to disable the confirmation prompt for each computer and use theRestartParameter to restart the computer for the changes to take effect.


Or we can delete the domain computer information manually or directly from the command line in the domain control background:

The remove adcomputer command has the following format: remove adcomputer identity computername

Welcome to WeChat public: Xiao Wen Xi she.