Solved

AD Computer Account Password Reset Question

Posted on 2015-02-04
4
43 Views
Last Modified: 2016-06-23
Once you have reset a computer account in AD what is the password? Does the password default back to the hostname?
0
Comment
Question by:Xytras1
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
Comment Utility
The computer passwords are something that Users will never know. This is a secure password (token) between the computer itself and the domain. Every 30 days this password automatically gets changed. This password also acts as a trust/secure channel with the computer and domain.

For more info on this computer password reset see the below link...
http://support.microsoft.com/kb/216393

Will.
0
 
LVL 3

Expert Comment

by:Rezwan Islam
Comment Utility
Interesting question. I actually thought it resets to a new password which both Domain Controller and the computer objects use to reinstate communication. Never wondered what that password could be. You can set it to the same password using a VBscript though.

Dim objComputer

Set objComputer = GetObject("LDAP://CN=computername,DC=YOURDOMAIN,DC=COM")
objComputer.SetPassword "computername$"

Wscript.Quit
0
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
*No Points*

For a clarity, consider the following:
In Windows NT 4.0 and earlier, when an account is created for a
computer, the name of the account is set to the computer name (NetBIOS
style flat name), followed by the dollar sign ("$"), and the password is
set to the lowercase computer name.
(...)
(...)
In Active Directory and later, when an administrator creates a new
computer account, he can choose whether this account is created for a
legacy Windows client (pre-Windows 2000) or a new type of client
(Windows 2000 or later).  If the account is created for a legacy client, then
the computer account and password are set as described above to allow
for compatibility with older operating systems.  However, if the account
is created for a new operating system, then the computer account name
will be set to the computer name, followed by the dollar sign ("$").

However, unlike legacy clients the password will be set to a random
string longer than 14 characters, so a LM password hash will not be
generated for this computer account.
Source - Mechanics of User Identification and Authentication

-saige-
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now