AD Computer Account Password Reset Question

Once you have reset a computer account in AD what is the password? Does the password default back to the hostname?
Xytras1Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
The computer passwords are something that Users will never know. This is a secure password (token) between the computer itself and the domain. Every 30 days this password automatically gets changed. This password also acts as a trust/secure channel with the computer and domain.

For more info on this computer password reset see the below link...
http://support.microsoft.com/kb/216393

Will.
0
 
Rezwan IslamSystems AdministratorCommented:
Interesting question. I actually thought it resets to a new password which both Domain Controller and the computer objects use to reinstate communication. Never wondered what that password could be. You can set it to the same password using a VBscript though.

Dim objComputer

Set objComputer = GetObject("LDAP://CN=computername,DC=YOURDOMAIN,DC=COM")
objComputer.SetPassword "computername$"

Wscript.Quit
0
 
it_saigeDeveloperCommented:
*No Points*

For a clarity, consider the following:
In Windows NT 4.0 and earlier, when an account is created for a
computer, the name of the account is set to the computer name (NetBIOS
style flat name), followed by the dollar sign ("$"), and the password is
set to the lowercase computer name.
(...)
(...)
In Active Directory and later, when an administrator creates a new
computer account, he can choose whether this account is created for a
legacy Windows client (pre-Windows 2000) or a new type of client
(Windows 2000 or later).  If the account is created for a legacy client, then
the computer account and password are set as described above to allow
for compatibility with older operating systems.  However, if the account
is created for a new operating system, then the computer account name
will be set to the computer name, followed by the dollar sign ("$").

However, unlike legacy clients the password will be set to a random
string longer than 14 characters, so a LM password hash will not be
generated for this computer account.
Source - Mechanics of User Identification and Authentication

-saige-
0
All Courses

From novice to tech pro — start learning today.