Fix broken trust using PowerShell

When trying to log in to a PC using a domain credential, you get the following error:

“The trust relationship between this workstation and the primary domain failed” error when you log in to Windows 7

At this point I would usually re-join to the domain or run the Network Wizard, reboot, and continue on. There has to be a better way. And in fact, there is, via the PowerShell command:

    Reset-ComputerMachinePassword -Server <DomainController> -Credential <Domain\User>

However, when I ran the command to reset the password I got an error stating the account could not be found on the domain controller:

    PS C:\A3336> Reset-ComputerMachinePassword -server DELLR710 -credential AP\client_admin
    Reset-ComputerMachinePassword : Cannot find the computer account for the local computer from the domain controller DELLR710.
    At line:1 char:1
    + Reset-ComputerMachinePassword -server DELLR710 -credential AP\client_admin ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OperationStopped: (A3336:String) [Reset-ComputerMachinePassword], InvalidOperationException
        + FullyQualifiedErrorId : CannotFindMachineAccount,Microsoft.PowerShell.Commands.ResetComputerMachinePasswordCommand

    PS C:\A3336>

The fix was to create the account on the domain controller, which I was able to do with PowerShell on another PC that had Remote Server Administration Tools (RSAT) installed.

    PS C:\AP01-1255-915> New-ADcomputer -name "A3336" -SamAccountName "A3336" -Enabled $true
    PS C:\AP01-1255-915>

Now when the command is run on the client PC, I am prompted to enter a username and password with permission to join computers to the domain, and the command completes successfully.

    PS C:\A3336> Reset-ComputerMachinePassword -server DELLR710 -credential AP\client_admin
    PS C:\A3336>
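
One way to wrap the steps above so the reset only runs when the secure channel is actually broken and the result is verified afterwards. This is an added example, not code from the original post; `Repair-DomainTrust` and its return strings are hypothetical names, and it assumes Windows PowerShell 3.0 or later in an elevated session on the affected client.

```powershell
# Added example: check the secure channel first, reset only if it is broken.
# Repair-DomainTrust is a hypothetical helper name (assumption, not a built-in cmdlet).
# Run on the affected client, elevated, while logged on with a local account.
function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Domain controller to talk to, e.g. DELLR710 from the post
        [Parameter(Mandatory = $true)]
        [string] $Server,
        # Account allowed to reset the machine password; prompt for it, never hard-code it
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential
    )

    # Test-ComputerSecureChannel returns $true when the machine password stored
    # locally still matches the one held by the domain.
    if (Test-ComputerSecureChannel -Server $Server) {
        return 'Healthy'
    }

    try {
        Reset-ComputerMachinePassword -Server $Server -Credential $Credential -ErrorAction Stop
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'CannotFindMachineAccount*') {
            # Same failure as shown in the post: the computer object is missing from AD.
            # It has to be recreated first (New-ADComputer from a PC with RSAT).
            return 'MissingComputerAccount'
        }
        throw   # anything else (bad credential, DC unreachable) goes to the caller
    }

    # Confirm the reset took effect instead of assuming success.
    if (Test-ComputerSecureChannel -Server $Server) {
        return 'Repaired'
    }
    return 'StillBroken'
}

$result = Repair-DomainTrust -Server 'DELLR710' -Credential (Get-Credential 'AP\client_admin')
"Secure channel state: $result"
```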

http://implbits.com/active-directory/2012/04/13/dont-rejoin-to-fix.html
https://ss64.com/ps/reset-computermachinepassword.html
https://support.microsoft.com/en-us/help/2771040/the-trust-relationship-between-this-workstation-and-the-primary-domain


Start remote PC using WOL and PowerShell

How to power on a remote PC using Wake-on-LAN (WOL) and PowerShell. Run from a Windows 7 Pro PC, with PowerShell running under domain admin credentials.

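    $Mac = "f0:92:1c:e3:8f:60"
    # Split on ":" or "-" and convert each hex pair to a byte
    $MacByteArray = $Mac -split "[:-]" | ForEach-Object { [Byte] "0x$_" }
    # Magic packet: 6 bytes of 0xFF followed by the MAC address repeated 16 times
    [Byte[]] $MagicPacket = (,0xFF * 6) + ($MacByteArray * 16)
    $UdpClient = New-Object System.Net.Sockets.UdpClient
    # Send to the local broadcast address on UDP port 7
    $UdpClient.Connect(([System.Net.IPAddress]::Broadcast), 7)
    $UdpClient.Send($MagicPacket, $MagicPacket.Length)
    $UdpClient.Close()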

    PS C:\Install> ping -4 -t AP01-1221-314

    Pinging AP01-1221-314.AP.local [10.10.1.130] with 32 bytes of data
    Reply from 10.10.1.179: Destination host unreachable.
    Reply from 10.10.1.179: Destination host unreachable.
    Reply from 10.10.1.179: Destination host unreachable.
    Reply from 10.10.1.179: Destination host unreachable.
    Reply from 10.10.1.179: Destination host unreachable.
    Reply from 10.10.1.179: Destination host unreachable.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Reply from 10.10.1.130: bytes=32 time=2ms TTL=128
    Reply from 10.10.1.130: bytes=32 time=1ms TTL=128
    Reply from 10.10.1.130: bytes=32 time=2ms TTL=128
    Reply from 10.10.1.130: bytes=32 time=2ms TTL=128
    Reply from 10.10.1.130: bytes=32 time=2ms TTL=128
    Reply from 10.10.1.130: bytes=32 time=2ms TTL=128

    Ping statistics for 10.10.1.130:
      Packets: Sent = 19, Received = 12, Lost = 7 (36% loss),
    Approximate round trip times in milli-seconds:
      Minimum = 1ms, Maximum = 2ms, Average = 1ms
    Control-C
    PS C:\Install>

Just change the MAC address, then copy and paste. Of course, WOL must be enabled on the remote PC for this to work.

Note: you’ll need Remote Server Administration Tools (RSAT) installed which you can download from Microsoft:
https://support.microsoft.com/en-us/help/2693643/remote-server-administration-tools-rsat-for-windows-operating-systems