columbiaG
asked on
How to fix domain trust issues with a user on Active Directory
User receives error when logging in that "the trust relationship between the workstation and the primary domain has failed".
You can simply remove that machine from the domain and rejoin, but what is causing the issue? Is there a time difference between the two? Check the settings on the machine before re-joining it to the domain, make sure that there is little to no time drift. Check to make sure all TCP/IP DNS settings are correct on the workstation, make sure it's pointing to the correct DNS.
The simplest fix is to remove the computer from the domain then re-add it.
If you have logon cache enabled you can just pull out the network cable from the back of the machine and then log in. Once you've logged in, remove the computer from the domain via the System Properties window (Control Panel > System).
Remember to reset the computer account in Active Directory Users and Computers before rejoining the computer to the domain. If you have multiple DCs then either wait for replication to occur or force replication manually.
ASKER
I have had this happen once before and had to delete and recreate the user profile in Active Directory, but that also caused the entire profile on the PC to be removed. I had to log into the PC using non-domain admin credentials and recreate, which required completely rebuilding her desktop and profile on the PC. Can I just reset her PC on the server which is providing domain control?
ASKER
If I remove her from the domain, then add her back in, it completely removes her profile. The last time this happened I did that, and it was a lot of work to bring the info back.
Not sure why this happened, but this specific problem has nothing to do with user accounts and more to do with the computer itself. Try logging in with any other user account on your domain and you will get the same error message.
When you join a computer to the domain, a computer object is created inside Active Directory. This computer object has its own internal password that it uses to establish a trust with your domain controllers. Sometimes these passwords get out of sync with the password copy that is stored on the domain controller, so the trust relationship becomes broken as a result.
The only way to fix this is to reset the internal machine password. There are several methods to do this but the simplest method is to remove the computer from the domain then re-add it. Make sure you have access to a local account that has Administrator rights on this machine by either creating one or resetting the password on the default local Administrator account.
Once you rejoin the computer to the domain, you should be able to log back in as the user and everything will still be there. Do not delete and recreate the user's account.
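One of the other methods alluded to above, as an added example that is not part of the original thread: checking DNS, time offset and the secure channel from the workstation, then resetting the machine account password in place without leaving the domain. It assumes an elevated Windows PowerShell 5.1 session under a local administrator account; `Repair-WorkstationTrust` is a hypothetical helper name and `corp.example.com` is a placeholder domain.

```powershell
# Added example: run elevated on the affected workstation (Windows PowerShell 5.1),
# logged on with a local administrator account.
# 'corp.example.com' is a placeholder domain name, not taken from the thread.
function Repair-WorkstationTrust {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DomainName,
        # Domain account permitted to reset this computer's account password.
        [Parameter(Mandatory)][pscredential]$Credential
    )

    # 1. DNS: the workstation must be able to locate a domain controller.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
    if (-not $srv) {
        throw "No DC SRV records found for $DomainName; fix the client's DNS settings first."
    }
    $dc = ($srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1).NameTarget

    # 2. Time: print the clock offset against that DC
    #    (Kerberos tolerates 5 minutes of skew by default).
    w32tm /stripchart /computer:$dc /samples:1 /dataonly

    # 3. Secure channel: $true means the local machine password matches AD.
    if (Test-ComputerSecureChannel -Server $dc) {
        Write-Output "Secure channel to $dc is healthy; nothing to repair."
        return $true
    }

    # 4. Repair in place: resets the machine account password on the DC and
    #    locally, so the computer never leaves the domain.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Reset machine account password via $dc")) {
        return Test-ComputerSecureChannel -Repair -Server $dc -Credential $Credential
    }
    return $false
}

Repair-WorkstationTrust -DomainName 'corp.example.com' -Credential (Get-Credential)
```

Run it with `-WhatIf` first to perform only the DNS, time and secure-channel checks without resetting anything.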
ASKER
OK, but removing it from the domain, then restarting and then adding it back to the domain, causes you to create a completely new desktop profile, which requires all to be set up again. Could I not just go into the server controlling the domain, to the domain admin, computers, to the PC in question and reset its connection?
ASKER
What is the easiest and fastest way to remove someone from the domain: Control Panel/System/Change settings?
ASKER CERTIFIED SOLUTION
ASKER
Thanks, will give it a try as you described.