  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1529

The trust relationship is lost between this workstation

I have several computers that after being off the network for a period greater than 6 months, I cannot log back into them on the network as a Domain Admin. I get an error message that states "The trust relationship between the workstation and the primary domain failed".
I have read that to correct this problem, you would need to remove the computer from the domain by changing from the domain to a workgroup, and then changing it back.
Here lies the problem. The Administrators account on the machines has been disabled by group policy. I cannot get logged into any of these machines.
How do I rejoin these computers to the domain? How do I log in locally when the Administrator account has been disabled? If I change the GP so that the Admin account is not disabled, does it return to an enabled state? Also, I read somewhere that if you log in using Safe Mode, the Administrator account is automatically enabled, but it still showed as disabled when I tried it.
Please help.
0
Asked: separris
1 Solution
 
bcoyxp Commented:
Try using this one to reset your local admin password.

http://home.eunet.no/pnordahl/ntpasswd/

regards,
0
 
separris (Author) Commented:
bcoyxp, I attempted to reset the password using your utility, but it did not work. I am getting a message that states "Your account has been disabled". I guess this would make sense because this account was disabled using GP when the machine was last on the network.

Any other ideas?
0
 
techxperts Commented:
From AD Users and Computers on the DC, have you tried to right-click the computer and reset the computer account?
0

 
techxperts Commented:
Do you see any of these events in your Event Viewer on the local machine or DC?

http://support.microsoft.com/kb/216393

Can you remotely access the client PCs in question through Computer Management with domain admin credentials?
0
 
separris (Author) Commented:
The computer name no longer exists in AD. When the computer was being used 6 months ago, obviously it was in AD. Since then, some cleanup of old inactive accounts and computers were removed from AD. This computer name was one of them. Could this be causing the problem? I attempted to re-add the name manually as it used to be, but nothing changed. I also reactivated the user account and used the same password that the old user had, but still no go.
0
 
techxperts Commented:
If the computer no longer exists in AD, that's definitely the problem... deleting it from AD destroyed the trust relationship between that computer and the domain controllers. You may be able to restore the deleted computer account:

http://www.petri.co.il/recovering-deleted-items-active-directory.htm

0
 
techxperts Commented:
Try the adrestore link in that article for that free utility.
0
 
iamshaked Commented:
Check your DNS settings thoroughly. I had an issue with this on another client's network. This fixed my issue after an hour of hair pulling.
0
 
Rob Stone Commented:
If your PC isn't in the domain, a reboot should get rid of any GPO setting that was applied, as the GPO is applied when Windows is contacting the domain.

I was pretty sure http://home.eunet.no/pnordahl/ntpasswd/ had an option to re-enable an account if it was disabled.
0
 
techxperts Commented:
stoner, the problem is, I think the client caches the GPO settings even if no DC is available. Think of a corporate laptop user who's on the road: no DC to contact, but all the policies are in effect.
0
 
separris (Author) Commented:
Thanks for all of the input. To gain access to these machines, which were de-installed, I formatted the HDD and started over. I have changed an internal policy to move items in AD and not delete them. This should solve the problem in the future.
0
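The policy separris describes above (move stale computer objects instead of deleting them), sketched as an added example that is not part of the original thread. It uses the ActiveDirectory RSAT module; the quarantine OU path and the 180-day threshold are assumptions to replace with your own.

```powershell
# Added example: quarantine stale computer accounts instead of deleting them.
# A quarantined object keeps its SID and stored machine password, so it can be
# re-enabled and moved back if the machine returns to the network.
Import-Module ActiveDirectory

$QuarantineOU = 'OU=Quarantined Computers,DC=example,DC=com'  # hypothetical OU
$StaleDays    = 180                                           # assumed threshold
$cutoff       = (Get-Date).AddDays(-$StaleDays)

# LastLogonDate is derived from lastLogonTimestamp, which replicates between
# DCs but is only refreshed roughly every 9-14 days; fine for month-scale ages.
$stale = Get-ADComputer -Filter 'Enabled -eq $true' `
            -Properties LastLogonDate, whenCreated, Description |
    Where-Object {
        # Skip anything already quarantined.
        $_.DistinguishedName -notlike "*,$QuarantineOU" -and
        # Skip recently pre-staged accounts that have never logged on.
        $_.whenCreated -lt $cutoff -and
        ( -not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff )
    }

foreach ($c in $stale) {
    # Record when and from where the object was moved, so it can be put back.
    $note = "Quarantined $(Get-Date -Format 'yyyy-MM-dd'); was $($c.DistinguishedName)"

    # -WhatIf makes this a dry run; remove it once the candidate list is reviewed.
    Set-ADComputer   -Identity $c.ObjectGUID -Description $note -WhatIf
    Disable-ADAccount -Identity $c.ObjectGUID -WhatIf
    Move-ADObject    -Identity $c.ObjectGUID -TargetPath $QuarantineOU -WhatIf
}

# Report what would be (or was) quarantined, oldest first.
$stale | Sort-Object LastLogonDate |
    Select-Object Name, LastLogonDate, whenCreated, DistinguishedName |
    Format-Table -AutoSize
```

To bring a returning machine back, re-enable the account with `Enable-ADAccount` and move the object to the DN recorded in its description.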
 
techxperts Commented:
separris: It's OK to delete objects from AD if you are wiping machines and reloading an image or the OS. Let it regenerate the SID (a clean XP install does this also) and rejoin the domain and you'll be fine. We have a stock image we reapply to broken machines or when someone leaves, with std apps etc. installed. Part of the imaging process (using sysprep) generates a new SID for the computer and joins it to the domain. Look into that option, then delete stale computer accounts at will.
0
