Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

2.7.7.2 Unjoin from the Domain - Domain Client

In this use case, a client administrator wants to unjoin a domain client from the domain that it is currently part of, usually to repurpose or decommission the client computer.

Goal

Unjoin a domain client from the domain.

Context of Use

The domain-client administrator invokes this task to enable the domain client to unjoin from the domain so that the members of the domain do not access its resources.

MS-ADOD_pict995d501e-5587-c7b9-beb2-94b86a97b735.png

Figure 39: Use case diagram to unjoin a domain client from the domain

Actors

  • Domain client

  • The domain client is the primary actor. It is the entity that locates and connects to the domain controller and unjoins from the domain. If the unjoin task fails, the local state of the domain client is unchanged.

  • Domain controller

  • The domain controller is the supporting actor that advertises its capabilities, responds to domain-unjoin inquiries, and services the request from the domain client to disable the domain account.

Stakeholders

  • Client administrator

  • The client administrator initiates the domain-unjoin process on the domain client.

    The primary interest of the client administrator is that the state of the computer object on the domain controller is updated to reflect that the domain client has unjoined from the domain.

  • Client computer

  • The client computer is the computer on which the domain client runs before the domain-unjoin task is initiated.

    The primary interest of the client computer is that the machine local state of the domain client is updated to reflect that the client has unjoined from the domain.

Preconditions

  • The client computer must have successfully completed the domain join task, as described in preceding sections, and must still be part of the domain.

Main Success Scenario

  1. Trigger: The client administrator triggers this use case to unjoin the client computer from the domain.

  2. The domain client uses the Locate a Domain Controller use case to locate a domain controller. For more information, see section 2.7.7.3.1.

  3. The domain client uses the credentials of the domain administrator to establish an SMB/CIFS connection to the domain controller ([MS-SMB2], [MS-SMB], or [MS-CIFS]).

  4. The domain client uses the SAMR protocol to disable the machine account on the domain controller [MS-SAMR].

  5. The (former) domain client updates its local state.

  6. The (former) domain client closes connections.

  7. The (former) domain client reinitializes local protocols.

Postcondition

The domain client is no longer joined to the domain.

Extensions

None.

Show:
© 2015 Microsoft