Tuesday, May 1, 2012

Resetting a Computer Account without Rebooting

Computer accounts in a domain have a password, just like user accounts. The password is changed automatically in the background every 30 days. When the password on the account in Active Directory and the password stored on the member server or client computer get out of sync, the trust relationship is lost.

When the trust relationship is lost, the computer can no longer authenticate domain users. This can cause applications to fail and prevent users from logging on. You can verify that the trust relationship has failed based on an event in the System log.

Windows XP would often allow users to log on with cached credentials after the trust relationship was lost. Windows 7 typically displays a message about the trust relationship being lost and prevents domain users from logging on.

The following process rejoins the domain without losing any computer account information:
  1. Reset the computer account in Active Directory Users and Computers.
  2. Configure the computer as a member of a workgroup.
  3. Rejoin the domain.
  4. Reboot to complete the process.
However, you can also do it in PowerShell without requiring a reboot:
Test-ComputerSecureChannel -repair
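
The following script is an added example, not part of the original post. It wraps the repair in a check, shows recent Netlogon errors from the System log, and verifies the result. It assumes Windows PowerShell 3.0 or later (for the -Credential and -Message parameters), an elevated session, and a domain account that is permitted to reset the computer account.

```powershell
# Added example. Run from an elevated Windows PowerShell session. If domain
# logons are already failing, log on with a local administrator account.

# Show the most recent Netlogon errors in the System log so there is a record
# of when the trust relationship started failing. Level 2 = Error.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Level = 2 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, Message

# Test-ComputerSecureChannel returns $true when the machine password stored
# locally still matches the computer account in the domain.
if (Test-ComputerSecureChannel) {
    Write-Output 'Secure channel is healthy; no repair needed.'
}
else {
    # A local account cannot authenticate to the domain, so supply a domain
    # account explicitly for the repair.
    $cred = Get-Credential -Message 'Domain account allowed to reset this computer account'

    # -Repair resets the machine account password against a domain controller
    # and returns $true on success. No reboot or domain rejoin is required.
    if (Test-ComputerSecureChannel -Repair -Credential $cred) {
        Write-Output 'Secure channel repaired.'
    }
    else {
        Write-Warning 'Repair failed. Check DC connectivity and the account permissions.'
    }

    # Confirm the result independently of the repair call.
    Test-ComputerSecureChannel -Verbose
}
```

If the repair keeps failing, the computer account may have been deleted or disabled in Active Directory, in which case the manual reset-and-rejoin process above is still needed.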
