2.7.7.2 Unjoin from the Domain - Domain Client
In this use case, a client administrator wants to unjoin a domain client from the domain that it is currently part of, usually to repurpose or decommission the client computer.
Goal
Unjoin a domain client from the domain.
Context of Use
The domain-client administrator invokes this task to enable the domain client to unjoin from the domain so that the members of the domain do not access its resources.
Figure 39: Use case diagram to unjoin a domain client from the domain
Actors
Domain client
The domain client is the primary actor. It is the entity that locates and connects to the domain controller and unjoins from the domain. If the unjoin task fails, the local state of the domain client is unchanged.
Domain controller
The domain controller is the supporting actor that advertises its capabilities, responds to domain-unjoin inquiries, and services the request from the domain client to disable the domain account.
Stakeholders
Client administrator
The client administrator initiates the domain-unjoin process on the domain client.
The primary interest of the client administrator is that the state of the computer object on the domain controller is updated to reflect that the domain client has unjoined from the domain.
Client computer
The client computer is the computer on which the domain client runs before the domain-unjoin task is initiated.
The primary interest of the client computer is that the machine-local state of the domain client is updated to reflect that the client has unjoined from the domain.
Preconditions
The client computer has successfully completed the domain join task, as described in preceding sections, and is still part of the domain.
Main Success Scenario
Trigger: The client administrator triggers this use case to unjoin the client computer from the domain.
1. The domain client uses the Locate a Domain Controller use case to locate a domain controller. For more information, see section 2.7.7.3.1.
2. The domain client uses the credentials of the domain administrator to establish an SMB/CIFS connection to the domain controller ([MS-SMB2], [MS-SMB], or [MS-CIFS]).
3. The domain client uses the SAMR protocol to disable the machine account on the domain controller [MS-SAMR].
4. The (former) domain client updates its local state.
5. The (former) domain client closes connections.
6. The (former) domain client reinitializes local protocols.
Postcondition
The domain client is no longer joined to the domain.
Extensions
None.
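The main success scenario disables the machine account on the domain controller rather than deleting it, so a completed unjoin leaves a disabled computer object behind. The following is an added example, not part of this specification, that reconciles a list of unjoined hosts against an export of computer objects. The sample data and function names are constructed, short host names are assumed, and the flag values are those of the Active Directory userAccountControl attribute.

```python
# Added example: audit computer objects after the unjoin use case.
# Not part of the specification; names and sample data are assumptions.

ACCOUNTDISABLE = 0x0002             # userAccountControl: account is disabled
WORKSTATION_TRUST_ACCOUNT = 0x1000  # userAccountControl: domain member computer

# Constructed sample: sAMAccountName -> userAccountControl from a directory export.
DIRECTORY_EXPORT = {
    "WS-ALPHA$": 0x1002,  # workstation account, disabled
    "WS-BRAVO$": 0x1000,  # workstation account, still enabled
    "WS-DELTA$": 0x1000,  # not on the unjoin list, ignored by the audit
}

# Constructed sample: hosts the client administrator reports as unjoined.
UNJOINED_HOSTS = ["ws-alpha", "WS-BRAVO", "WS-CHARLIE"]


def sam_name(host):
    """Map a short host name to its computer account name (NAME$)."""
    name = host.strip().upper()
    return name if name.endswith("$") else name + "$"


def classify(uac):
    """Return the account state implied by a userAccountControl value."""
    if uac is None:
        return "missing"          # no object found (deleted or never joined)
    if not uac & WORKSTATION_TRUST_ACCOUNT:
        return "not-workstation"  # e.g. a domain controller or user account
    return "disabled" if uac & ACCOUNTDISABLE else "enabled"


def audit_unjoined(hosts, export):
    """Classify the computer account of every host on the unjoin list."""
    index = {name.upper(): uac for name, uac in export.items()}
    return {sam_name(h): classify(index.get(sam_name(h))) for h in hosts}


def needs_followup(report):
    """Accounts still enabled: step 3 did not take effect for these hosts."""
    return sorted(name for name, state in report.items() if state == "enabled")


if __name__ == "__main__":
    report = audit_unjoined(UNJOINED_HOSTS, DIRECTORY_EXPORT)
    for name, state in sorted(report.items()):
        print(f"{name:12} {state}")
    print("follow up:", needs_followup(report))
```

An account reported as enabled belongs to a host that was repurposed or decommissioned without the account being disabled, and its credentials remain valid in the domain until an administrator disables or removes it.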