Resetting Machine passwords


#1

Windows clients are telling me “The trust relationship between this workstation and the primary domain failed.”

Rejoining Win7 clients to the domain is supposed to fix the issue by forcing a reset of the computer account password. Alternatively, resetting the computer account password is supposed to resolve this issue.

Is there a way to force reset the computer account password from the UCS command line?


#2

Hey,

I’m not sure, but I don’t think so. Here’s why:

What’s required for domain functions to succeed is that the client machine can log in to the Active Directory properly. For this both the client machine and the server must have the same client password stored, and that’s what’s set up when you (re-)join a client to a domain.

So in order to reset the client machine’s password in the Active Directory from the server side you would have to know the client’s currently used password. Maybe it’s possible to retrieve it somehow from the client (registry? Kerberos database?), but I’m not aware of any such method, especially not from the outside. You’re talking about a script/program started on the server that would have to contact the client, retrieve the password from it securely (without there being a secured communication channel at the moment due to the very problem you’re trying to fix) and update the Active Directory with said password.

Kind regards,
mosu
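Added example, not part of the thread above: since both sides must hold the same machine password, the repair is normally started on the client, which can then agree a fresh secret with the domain. The sketch below checks the secure channel and repairs it only when it is broken. It assumes Windows PowerShell 3.0 or later on the client, an elevated session under a local account, and a domain account permitted to reset the computer account; the function name `Repair-MachineTrust` is hypothetical, and the script has not been tested against a UCS domain.

```powershell
#Requires -Version 3.0
# Added example: run in an elevated session on the affected client,
# logged on with a local account (domain logons fail while trust is broken).

function Repair-MachineTrust {
    [CmdletBinding()]
    param(
        # Domain account allowed to reset this computer account
        # (assumption: supplied interactively by the operator).
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$($cs.Name) is not joined to a domain; nothing to repair."
    }

    # $true when the secure channel between this computer and its domain works.
    $before = Test-ComputerSecureChannel
    $after  = $before

    if (-not $before) {
        # -Repair removes and rebuilds the channel established by the
        # NetLogon service, authenticating with the supplied domain credential.
        $after = Test-ComputerSecureChannel -Repair -Credential $Credential
    }

    # Report the state before and after so the outcome can be logged.
    [pscustomobject]@{
        Computer      = $cs.Name
        Domain        = $cs.Domain
        TrustedBefore = $before
        TrustedAfter  = $after
    }
}

Repair-MachineTrust -Credential (Get-Credential)
```

If `TrustedAfter` is still `False`, rejoining the client to the domain, as described in the first post, remains the fallback.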