As you already know, when you join a computer or a server to an Active Directory domain, a computer account is automatically created in the joined Active Directory domain.
During this join, a trust relationship is created between the joined computer or server and your domain controllers.
To ensure the security of this trust relationship and of your Active Directory infrastructure, the passwords used to secure this trust relationship are changed regularly and automatically in a transparent manner.
The problem is, if the client PC crashes and you need to restore it to a previous state to fix it quickly, that trust relationship might be broken. This is because the passwords will no longer be identical between the client PC and your domain controllers.
To repair this trust relationship, you must first reset the computer account of the affected computer.
To do this, open, for example, the "Active Directory Users and Computers" console, right-click the desired computer account and click "Reset Account".
Confirm the reset of the computer account.
The desired computer account has been reset.
Then, on the client PC, log in with a local administrator account (because the link between this client PC and Active Directory no longer works for the moment).
Note that to log in with a local account, you can specify the name of the client PC as a prefix, or simply ".\" (in this case, the name of the client PC is displayed).
Once logged in with a local account on the client PC, open the Windows system properties and click: Change settings.
Specify the name of the workgroup you want.
This name doesn't matter; it's only used to leave the Active Directory domain temporarily.
Confirm that you want to leave the domain by clicking OK.
Provide the credentials of a domain administrator to leave the domain.
The "Welcome to the [workgroup name] workgroup" message appears.
As indicated in this message, a restart will be required.
Click on: Restart Now.
Now, you are in a workgroup.
In the system properties, click on: Change settings.
Enter the name of the domain in which this computer was previously located.
Specify the credentials of an account authorized to join computers to an Active Directory domain.
The message "Welcome to the [your domain name] domain" appears.
As you can see, the computer account is still present in your Active Directory.
The advantage of resetting the computer account instead of deleting it is that you don't lose the location where this computer account was present, the permissions set on this Active Directory object, and so on.
Now, you will be able to log in again on this client PC with a user of your Active Directory infrastructure.
As expected, logging in on the client PC with an Active Directory account works without problem.
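The client-side steps above (leave the domain for a temporary workgroup, restart, rejoin) can also be scripted. The script below is an added example, not part of the original article; the domain name `corp.example` and the workgroup name `TEMPWG` are placeholders, and it assumes the computer account has already been reset as described.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article), written for Windows PowerShell 5.1.
# Run while logged in with a local administrator account, after the computer
# account has been reset on the domain controller.
# Assumed placeholders: 'corp.example' (your domain) and 'TEMPWG' (workgroup).
param(
    [Parameter(Mandatory)]
    [ValidateSet('Check', 'Leave', 'Join')]
    [string]$Phase,
    [string]$DomainName = 'corp.example',
    [string]$WorkgroupName = 'TEMPWG'
)

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

switch ($Phase) {
    'Check' {
        if (-not $cs.PartOfDomain) {
            Write-Output "In workgroup '$($cs.Workgroup)'; run the Join phase."
            break
        }
        try {
            # $true means the secure channel to the domain works.
            $healthy = Test-ComputerSecureChannel -ErrorAction Stop
        } catch {
            $healthy = $false
            Write-Warning "Secure channel test failed: $($_.Exception.Message)"
        }
        if ($healthy) {
            Write-Output "Trust relationship with '$($cs.Domain)' is intact."
        } else {
            Write-Output "Trust relationship with '$($cs.Domain)' is broken; run the Leave phase."
        }
    }
    'Leave' {
        if (-not $cs.PartOfDomain) { throw 'This computer is not joined to a domain.' }
        # Leave the domain for a temporary workgroup, then restart.
        $cred = Get-Credential -Message 'Domain administrator (to leave the domain)'
        Remove-Computer -UnjoinDomainCredential $cred -WorkgroupName $WorkgroupName -Force -Restart
    }
    'Join' {
        if ($cs.PartOfDomain) { throw "Already joined to '$($cs.Domain)'." }
        # Rejoin the domain, then restart.
        $cred = Get-Credential -Message 'Account authorized to join computers to the domain'
        Add-Computer -DomainName $DomainName -Credential $cred -Restart
    }
}
```

Run it once per phase: `Check` to confirm the trust relationship is broken, `Leave` (the PC restarts), then `Join`.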
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.