kbettencourt
asked on
Windows 10 client lost trust relationship with 2012r2 domain
One of the PCs we upgraded to windows 10 will not login to the domain because the machine has lost the trust relationship.
If you enter a bogus password it knows it is incorrect.
A correct password will produce the issue.
No longer have the local machine user credentials. When trying to log into the local machine with user "administrator" and a bogus password it responds with a this account has been disabled message.
Thought I would ask if there is a resolution before rebuilding the machine from scratch.
Thanks
Karl
If you enter a bogus password it knows it is incorrect.
A correct password will produce the issue.
No longer have the local machine user credentials. When trying to log into the local machine with user "administrator" and a bogus password it responds with a this account has been disabled message.
Thought I would ask if there is a resolution before rebuilding the machine from scratch.
Thanks
Karl
Make sure you the computer isn't attempting to log you in using the local administrator. That may be the account that is disabled. When you type in "Administrator" as your username, since Windows Vista came out and changed the login system, the login screen will default to the local administrator account if you just enter "Administrator" as your user name. You need to type in the domain if you want to log in as the domain admin. Use domain\administrator or administrator@domain.local .
You can try resetting the machine account for that Windows 10 computer. From a server logged in as an administrator: "dsmod computer <ComputerDN> -reset"
Option 2:
I don't know if Windows 10 has the equivalent to safe mode. Booting in safe mode in older OS would re-enable the disabled local administrator account. (Possibly old knowledge though, I don't know for certain that it applies in Windows 10.)
Option 2:
I don't know if Windows 10 has the equivalent to safe mode. Booting in safe mode in older OS would re-enable the disabled local administrator account. (Possibly old knowledge though, I don't know for certain that it applies in Windows 10.)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you know a domain account that was an administrator on the local box, that administrator has logged into the system, and you haven't disabled credential caching -- disconnect the NIC, and login using the domain administrator.
ASKER
Thanks all for the replies. Will give it a try in the morning.
ASKER
Thanks. I was able to contact the person that installed the OS and have the local machine password now.
Also was able to get in with my domain admin account after disconnecting the NIC and booting. That one was a simple intuitive and logical method.
Also liked the pogostick bootdisk. It works.
Also was able to get in with my domain admin account after disconnecting the NIC and booting. That one was a simple intuitive and logical method.
Also liked the pogostick bootdisk. It works.
You may need to power down the machine and unplug it from the wall to make sure no junk information is left in the NIC.
Ooopps...never mind...just read you don't have the local PC creds.
At this point your only option is to rebuild the machine from scratch as you said.