Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

AD Computer Account Password Reset Question

Posted on 2015-02-04
4
66 Views
Last Modified: 2016-06-23
Once you have reset a computer account in AD what is the password? Does the password default back to the hostname?
0
Comment
Question by:Xytras1
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40590072
The computer passwords are something that Users will never know. This is a secure password (token) between the computer itself and the domain. Every 30 days this password automatically gets changed. This password also acts as a trust/secure channel with the computer and domain.

For more info on this computer password reset see the below link...
http://support.microsoft.com/kb/216393

Will.
0
 
LVL 3

Expert Comment

by:Rezwan Islam
ID: 40590081
Interesting question. I actually thought it resets to a new password which both Domain Controller and the computer objects use to reinstate communication. Never wondered what that password could be. You can set it to the same password using a VBscript though.

Dim objComputer

Set objComputer = GetObject("LDAP://CN=computername,DC=YOURDOMAIN,DC=COM")
objComputer.SetPassword "computername$"

Wscript.Quit
0
 
LVL 33

Expert Comment

by:it_saige
ID: 40590179
*No Points*

For a clarity, consider the following:
In Windows NT 4.0 and earlier, when an account is created for a
computer, the name of the account is set to the computer name (NetBIOS
style flat name), followed by the dollar sign ("$"), and the password is
set to the lowercase computer name.
(...)
(...)
In Active Directory and later, when an administrator creates a new
computer account, he can choose whether this account is created for a
legacy Windows client (pre-Windows 2000) or a new type of client
(Windows 2000 or later).  If the account is created for a legacy client, then
the computer account and password are set as described above to allow
for compatibility with older operating systems.  However, if the account
is created for a new operating system, then the computer account name
will be set to the computer name, followed by the dollar sign ("$").

However, unlike legacy clients the password will be set to a random
string longer than 14 characters, so a LM password hash will not be
generated for this computer account.
Source - Mechanics of User Identification and Authentication

-saige-
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question