bbcac
Windows 7 clients machine password reset
We recently had to rebuild a domain controller in Active Directory for a remote site. Some of the machines would not allow us to log onto the domain anymore.
Several of our servers at this site cited "the trust relationship between this workstation and the domain failed". After rebuilding the domain controller I fixed the servers (Server 2008 R2) by running this command
Reset-ComputerMachinePassword -Credential domain\admin -Server DomainController1
I tried to run this same command on my Windows 7 clients but that didn't work. It complained about the credential parameter. I read a method for doing the same thing with NETDOM but these clients don't have netdom on them.
I also tried this script to no avail
Set objComputer = GetObject _
    ("LDAP://CN=client1,OU=clients1,OU=COMPUTERS,DC=DOMAIN1,DC=COM")
objComputer.SetPassword "client1$"
We can fix the machines by having someone at the site take them off the domain and re-add them. This is not an acceptable solution since there are a bunch of problematic systems and no permanent IT staff on site.
We can't do the remove / readd to the domain remotely since as soon as the systems come off the domain the firewall turns back to defaults, and remote desktop is disabled. Also remote registry is disabled too.
Here's what I tried
> running the PowerShell script above over RDP by signing on with local admin
> resetting the computer account on the domain controller (right click)
> running the VBScript above
I need to reset the machine account password remotely for dozens of systems.
Thanks in advance
ASKER
These Windows 7 boxes don't have netdom, unfortunately.
As said by xkincaiddx, just remove the join (make it a workgroup), restart, rejoin your domain and restart. This will remove the error (the trust relationship between this workstation and the domain failed).
ASKER
I can't restart, as stated before, but as xKincaidx I just skipped the reboot and it worked like a charm. No need to remove the AD computer object. In fact it was easier to not do that.
All fixed
Thanks
ASKER
No need to remove the computer object from AD.
If you remove the computer from AD it gives the computer a new SID.
http://implbits.com/About/Blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/Default.aspx
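
The repair discussed in this thread, as an added PowerShell example that is not from any poster here: it resets the machine password in place where the local PowerShell supports `-Credential` (introduced in PowerShell 3.0) and otherwise unjoins and rejoins in one run, leaving the AD computer object alone. It assumes an elevated session on the client signed in as a local administrator; `DOMAIN1.COM`, `DomainController1` and `domain\admin` are the names used in the question, and that the PowerShell 2.0 rejoin behaves like the rejoin the asker reports is an assumption.

```powershell
# Added example, not from the thread. Run elevated on the affected client.
$DomainName = 'DOMAIN1.COM'          # taken from the LDAP path in the question
$DC         = 'DomainController1'    # DC name used in the question
$Cred       = Get-Credential 'domain\admin'   # prompts for the password

# Returns $true when the local machine account password still matches AD.
if (Test-ComputerSecureChannel) {
    Write-Output 'Secure channel is healthy; nothing to repair.'
    return
}

if ($PSVersionTable.PSVersion.Major -ge 3) {
    # PowerShell 3.0+ accepts -Credential, so the password can be reset
    # in place without leaving the domain.
    Reset-ComputerMachinePassword -Server $DC -Credential $Cred
    Write-Output 'Machine password reset in place.'
}
else {
    # PowerShell 2.0 (the Windows 7 default) has no -Credential on
    # Reset-ComputerMachinePassword, which matches the error in the question.
    # Unjoin and rejoin back to back so the machine is not left sitting
    # in a workgroup. The computer object in AD is not deleted, so the
    # rejoin reuses it (assumption: the account running this may reset it).
    Remove-Computer -Credential $Cred -Force
    Add-Computer -DomainName $DomainName -Credential $Cred
    Write-Output 'Rejoined the domain; restart when a reboot is possible.'
}
```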