Wednesday, June 18, 2014

PowerShell fix: The trust relationship between this workstation and the primary domain failed

We're a heavily virtualized shop. To save on host resources, we often shut down Test/Dev/Staging/template servers that are not in use.

One of the drawbacks of this is that I would often receive the following error when powering on a server that has been off the network for a while:

The trust relationship between this workstation and the primary domain failed

The error is often due to the computer password no longer matching the one in Active Directory. This is caused by the computer being offline for a while, or by reverting to an old snapshot or backup.

In the past, I've been removing the server from AD and rejoining the domain. As the number of these occurrences has increased, I've been leveraging PowerShell to fix this issue as quickly and efficiently as possible.

To resolve this issue, log into the offending server using the local admin account. Launch PowerShell as an administrator and run the following cmdlet:

Reset-ComputerMachinePassword [-Credential <PSCredential> ] [-Server <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>]


For -Server, enter your domain controller.

Enter the password when prompted and reboot.  You will now be able to log into the server using domain credentials.

**Update**  
If you're using a version of PowerShell below 3, you'll receive the following error:

Reset-ComputerMachinePassword : A parameter cannot be found that matches parameter name 'credential'.

In that case, I typically fall back to the old Netdom command:

netdom resetpwd /s:server /ud:domain\User /pd:*
or
netdom resetpwd /server:server /userD:domain\User /PasswordD:*
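
The whole procedure as one function, as an added example that is not part of the original post: it checks the secure channel with Test-ComputerSecureChannel first, then uses Reset-ComputerMachinePassword on PowerShell 3 or later and netdom resetpwd on older versions. The function name Repair-MachineTrust, dc01.example.com and EXAMPLE\admin are placeholders chosen for illustration.

```powershell
# Added example. Run elevated on the affected server, logged on as the local admin.
function Repair-MachineTrust {
    param(
        [Parameter(Mandatory = $true)][string]$Server,     # domain controller to contact
        [Parameter(Mandatory = $true)][string]$DomainUser  # DOMAIN\User allowed to reset the account
    )

    # $true means the locally stored machine password still matches Active Directory.
    $healthy = $false
    try {
        $healthy = Test-ComputerSecureChannel -Server $Server -ErrorAction Stop
    } catch {
        Write-Warning "Secure channel test failed: $($_.Exception.Message)"
    }
    if ($healthy) {
        return 'Secure channel is healthy; no reset needed.'
    }

    if ($PSVersionTable.PSVersion.Major -ge 3) {
        # Prompting keeps the password out of the command line and history.
        $cred = Get-Credential -Credential $DomainUser
        Reset-ComputerMachinePassword -Server $Server -Credential $cred -ErrorAction Stop
    } else {
        # PowerShell 2.0 has no -Credential here; /pd:* makes netdom prompt instead.
        & netdom resetpwd "/s:$Server" "/ud:$DomainUser" '/pd:*'
        if ($LASTEXITCODE -ne 0) {
            throw "netdom resetpwd failed with exit code $LASTEXITCODE"
        }
    }
    return 'Machine password reset. Reboot, then log on with domain credentials.'
}

# Placeholder values (assumptions): substitute your own domain controller and account.
Repair-MachineTrust -Server 'dc01.example.com' -DomainUser 'EXAMPLE\admin'
```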


1 comment:

  1. Great, thanks for the PowerShell 2.0 command.
    I've been updating PowerShell on computers just so I'm able to execute Reset-ComputerMachinePassword. Now I won't have to.