This one’s a peach – how many times have you encountered it?? I know my personal tally is well into double figures… There is a quick and easy fix for it though (and no I don’t mean removing and re-joining the computer from the domain and all the hassle that creates!).
First you’ll need to log in as a local administrator, then if you have Powershell (and by god you should do!) just run this command sequence:
$credential = Get-Credential – (enter domain admin account when prompted)
Reset-ComputerMachinePassword -Credential $credential -Server dc-hostname.domain
#EDIT: On Powershell versions below 3.0 the -credential paramater is not supported (as explained in this KB). If you enter it you’ll get the following error:
Reset-ComputerMachinePassword : A parameter cannot be found that matches parameter name ‘credential’.
At line:1 char:42
+ reset-computermachinepassword -credential <<<<
+ CategoryInfo : InvalidArgument: (:) [Reset-ComputerMachinePassword], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.ResetComputerMachinePasswordCommand
If you see this error just use:
Reset-ComputerMachinePassword -Server dc-hostname.domain
And you’ll be prompted for credentials!
Alternatively, you can download the Microsoft Remote Server Administration Tools, then use the following from an elevated cmd prompt:
netdom.exe resetpwd /s:dc-hostname.domain /ud:domainadminusername /pd:* (enter the domain admin password when prompted)
Simple as that! Source: implbits.com
Another command that also works (better than the above apparently):
Test-ComputerSecureChannel -Repair -Credential (get-credential)