Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 7 clients machine password reset

Posted on 2013-05-12
7
Medium Priority
?
2,482 Views
Last Modified: 2013-05-14
We recently had to rebuilt a domain controller in active directory for a remote site. Some of the machines would not allow us to log onto the domain anymore.

Several of our servers at this site cited the "the trust relationship between this workstation and the domain failed". After rebuilding the domain controller I fixed the servers (server 2008 r2) by running this command

Reset-ComputerMachinePassword -Credential domain\admin -Server DomainController1

I tried to run this same command on my windows 7 clients but that didn't work. It complained about the credential parameter. I read a method for doing the same thing with NETDOM but these clients don't have netdom on them.

I also tried this script to no avial

Set objComputer = GetObject _
    ("LDAP://CN=client1,OU=clients1,OU=COMPUTERS,DC=DOMAIN1,DC=COM")
objComputer.SetPassword "client1$"

We can fix the machines by having someone at the site take them off the domain and readding them. This is not an acceptable solution since there are a bunch of problematic systems and no permanent IT staff on site.

We can't do the remove / readd to the domain remotely since as soon as the systems come off the domain the firewall turns back to defaults, and remote desktop is disabled. Also remote registry is disabled too.

Here's what I tried
> running the powershell script above over RDP by signing on with local admin
> resetting the computer account on the domain controller (right click)
> running the vbscript above

I need to reset the machine account password remotely for dozens of systems.

Thanks in advance
0
Comment
Question by:bbcac
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 6

Expert Comment

by:mrcannon
ID: 39160196
This article mentions running the netdom on UAC machines as administrator.  Did you do that (even if logged in as admin)?

http://implbits.com/About/Blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/Default.aspx
0
 
LVL 15

Accepted Solution

by:
Skyler Kincaid earned 2000 total points
ID: 39160279
It is interesting that when you remove the computers from the domain that it disables RDP and turns the firewall back on. We have seen this a few times across our 50 clients and we always un-join and re-join them to the domain remotely.

If you un-join the computer from the domain, hit cancel when it tells you that you have to reboot now, delete the computer from AD (if it is even in there), and then re-join it right away without rebooting you will be good to go. After you re-join it you can reboot and it will still be one the domain but the computer account will be re-created.

We do this all the time and never have issues. By doing this your are re-creating the machine account in AD which is what is missing.
0
 

Author Comment

by:bbcac
ID: 39160282
These windows 7 boxes don't have netdom unfortunately
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 10

Expert Comment

by:Sam Simon Nasser
ID: 39160528
as said by xkincaiddx, just remove the join (make it as work group), restart, rejoin your domain and restart. this will remove the error (the trust relationship between this workstation and the domain failed)
0
 

Author Comment

by:bbcac
ID: 39165466
I can't restart as stated before but as  xKincaidx I just skipped the reboot and it worked like a charm. No need to remove the AD computer object. Infact it was easier to not do that.

All fixed

Thanks
0
 

Author Closing Comment

by:bbcac
ID: 39165469
no need to remove the computer object from AD
0
 
LVL 15

Expert Comment

by:Skyler Kincaid
ID: 39166148
If you remove the computer from AD it gives the computer a new SID.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question