Solved

AD Computer Account Password Reset Question

Posted on 2015-02-04
4
60 Views
Last Modified: 2016-06-23
Once you have reset a computer account in AD what is the password? Does the password default back to the hostname?
0
Comment
Question by:Xytras1
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40590072
The computer passwords are something that Users will never know. This is a secure password (token) between the computer itself and the domain. Every 30 days this password automatically gets changed. This password also acts as a trust/secure channel with the computer and domain.

For more info on this computer password reset see the below link...
http://support.microsoft.com/kb/216393

Will.
0
 
LVL 3

Expert Comment

by:Rezwan Islam
ID: 40590081
Interesting question. I actually thought it resets to a new password which both Domain Controller and the computer objects use to reinstate communication. Never wondered what that password could be. You can set it to the same password using a VBscript though.

Dim objComputer

Set objComputer = GetObject("LDAP://CN=computername,DC=YOURDOMAIN,DC=COM")
objComputer.SetPassword "computername$"

Wscript.Quit
0
 
LVL 33

Expert Comment

by:it_saige
ID: 40590179
*No Points*

For a clarity, consider the following:
In Windows NT 4.0 and earlier, when an account is created for a
computer, the name of the account is set to the computer name (NetBIOS
style flat name), followed by the dollar sign ("$"), and the password is
set to the lowercase computer name.
(...)
(...)
In Active Directory and later, when an administrator creates a new
computer account, he can choose whether this account is created for a
legacy Windows client (pre-Windows 2000) or a new type of client
(Windows 2000 or later).  If the account is created for a legacy client, then
the computer account and password are set as described above to allow
for compatibility with older operating systems.  However, if the account
is created for a new operating system, then the computer account name
will be set to the computer name, followed by the dollar sign ("$").

However, unlike legacy clients the password will be set to a random
string longer than 14 characters, so a LM password hash will not be
generated for this computer account.
Source - Mechanics of User Identification and Authentication

-saige-
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question