= How do Rejoin a Computer to the Domain without Losing it’s SID =
This entry was posted in Uncategorized on February 1, 2012 by amy
From [http://www.thirdtier.net/2012/02/how-do-rejoin-a-computer-to-the-domain-without-losing-its-sid/ How do Rejoin a Computer to the Domain without Losing it’s SID ]


Latest revision as of 05:43, 24 January 2018


This trick comes to me via my Active Directory study group. I suggest that everyone join a user group and/or a study group. It’s not that we don’t know AD, it’s that we forget or miss new features. A refresher course is fun too.

Occasionally a computer will come “disjoined” from the domain. The symptoms can be that the computer can’t log in when connected to the network, a message that the computer account has expired, the domain certificate is invalid, etc. These all stem from the same problem, and that is that the secure channel between the computer and domain is hosed. (That’s a technical term.)

The classic way to fix this problem is to unjoin and rejoin the domain. Doing so is kind of a pain because it requires a couple of reboots and the user profile isn’t always reconnected. Eww. Further, if you had that computer in any groups or assigned specific permissions to it, those are gone because now your computer has a new SID, so AD doesn’t see it as the same machine anymore. You’ll have to recreate all of that stuff from the excellent documentation that you’ve been keeping. Uh huh, your excellent documentation. Double eww.

Instead of doing that we can just reset the secure channel. There are a couple of ways to do this:

  • In AD, right-click the computer and select Reset Account. Then re-join without un-joining the computer to the domain. Reboot required.

  • In an elevated command prompt type:
      dsmod computer "Computer DN" -reset
    Then re-join without un-joining the computer to the domain. Reboot required.

  • In an elevated command prompt type:
      netdom reset MachineName /domain:DomainName /UserO:UserName /PasswordO:{Password | *}
    The account whose credentials you provided must be a member of the local administrators group. No rejoin. No reboot.

  • In an elevated command prompt type:
      nltest /Server:ServerName /SC_Reset:Domain\DomainController
    No rejoin. No reboot.

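== Alternative: the trust relationship between this workstation and the primary domain failed ==

From: [https://community.spiceworks.com/how_to/108912-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed FIX the trust relationship between this workstation and the primary domain failed]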

Open PowerShell as administrator. Run this command sequence:

  # Enter a domain admin account when prompted
  $credential = Get-Credential
  Reset-ComputerMachinePassword -Server ClosestDomainControllerNameHere -Credential $credential

and you are all set :)
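
A check-then-repair wrapper around the reset above, as an added example that is not part of the original post: it uses Test-ComputerSecureChannel to confirm the channel is actually broken before resetting the machine password, and to confirm the result afterwards. The function name and the dc01.example.test server name are placeholders.

```powershell
# Added example. Run from an elevated PowerShell session on the affected computer.
function Repair-SecureChannelIfBroken {
    [CmdletBinding()]
    param(
        # Domain controller to test against and reset with (placeholder in the call below)
        [Parameter(Mandatory)] [string] $Server,
        # Domain account allowed to reset the computer account password
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # $true when the local machine account secret still matches the one held by the domain
    $before = Test-ComputerSecureChannel -Server $Server

    if (-not $before) {
        # Same reset as in the command sequence above; stop on failure so we do not
        # report a repair that never happened
        Reset-ComputerMachinePassword -Server $Server -Credential $Credential -ErrorAction Stop
    }

    # Re-test so the outcome is recorded rather than assumed
    $after = Test-ComputerSecureChannel -Server $Server

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Server         = $Server
        HealthyBefore  = $before
        ResetPerformed = -not $before
        HealthyAfter   = $after
    }
}

$credential = Get-Credential   # enter a domain admin account when prompted
Repair-SecureChannelIfBroken -Server 'dc01.example.test' -Credential $credential
```

A healthy machine comes back with ResetPerformed = False, so the function can be run as a routine check without touching the computer account.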


