This one’s a peach – how many times have you encountered it?? I know my personal tally is well into double figures… There is a quick and easy fix for it though (and no I don’t mean removing and re-joining the computer from the domain and all the hassle that creates!).

First you’ll need to log in as a local administrator, then if you have Powershell (and by god you should do!) just run this command sequence:

$credential = Get-Credential – (enter domain admin account when prompted)
Reset-ComputerMachinePassword -Credential $credential -Server dc-hostname.domain

#EDIT: On Powershell versions below 3.0 the -credential paramater is not supported (as explained in this KB). If you enter it you’ll get the following error:

Reset-ComputerMachinePassword : A parameter cannot be found that matches parameter name ‘credential’.
At line:1 char:42
+ reset-computermachinepassword -credential <<<<
+ CategoryInfo : InvalidArgument: (:) [Reset-ComputerMachinePassword], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.ResetComputerMachinePasswordCommand

If you see this error just use:

Reset-ComputerMachinePassword -Server dc-hostname.domain

And you’ll be prompted for credentials!

/EDIT

Alternatively, you can download the Microsoft Remote Server Administration Tools, then use the following from an elevated cmd prompt:

netdom.exe resetpwd /s:dc-hostname.domain /ud:domainadminusername /pd:* (enter the domain admin password when prompted)

Simple as that! Source: implbits.com

/EDITAGAIN

Another command that also works (better than the above apparently):

Test-ComputerSecureChannel -Repair -Credential (get-credential)


Categories: Uncategorized


11 Responses so far.


  1. JeffM says:

    Last fix worked wonderfully for me. Thank you John and Google.

  2. JeffM says:

    James rather. 🙂

  3. Patrick says:

    Powershell fix worked perfectly. Thanks for the article!

  4. Matt says:

    I had PS version 2.0 installed (you can check your version by using $psversiontable) and omitting the -Credential switch did not prompt me for credentials. Instead it just said “Access Denied”.

    I had to upgrade PS to version 3.0 and then the command with the -Credential switch worked great as explained.

    You can download PS 3.0 here: http://www.microsoft.com/en-us/download/details.aspx?id=34595

    Thanks for the info!!

  5. extremesanity says:

    Attempting to use this command threw error “the server is not operational”.

    I ran this command and now I can log into the server correctly:

    Test-ComputerSecureChannel -Repair -Credential -Verbose

Leave a Reply