How to Fix “Trust relationship has failed” Error

This is a very old issue, as old as sysadmin time as we know it: a domain member server or computer loses its trust relationship with the domain.

Yes, yes, the dreaded words that appear on your login screen when you try to log in to one of your servers on a very sunny and rather hot Monday, after a good and quiet weekend.

The login screen shows this message:

The trust relationship between this workstation and the primary domain failed.

Well, a lot of us would just go in with the local administrator account and rejoin the machine to the domain. But here are some other alternatives, including what to do if we do not remember the local administrator password and only have the domain login. Luckily, there’s a way to bypass that annoying issue.

Firstly, we never need to rejoin the machine to the domain if we have this problem.

If you are working on a remote computer, for example via TeamViewer on a user’s laptop, you can use the PowerShell command below to fix this. This way, the user will not be able to see your admin password. This is the recommended solution.

Reset-ComputerMachinePassword -Server <your-domain-controller> -Credential (Get-Credential)

Running the following command from a PowerShell prompt should also work.

Netdom resetpwd /Server:<your-domain-controller> /UserD:<domain-admin-account> /PasswordD:<domain-admin-password>

Now to dissect the command: we call the netdom command with the resetpwd (reset password) switch and we provide the domain controller we will authenticate against and the credentials of a domain admin account. Simple. I will also explain in a little bit why this issue actually happens in the first place.

So easy! We do not even have to restart the machine after these commands!
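To confirm the repair instead of assuming it, the reset can be wrapped in a check, repair, verify sequence. This is an added example, not code from the original post; it assumes an elevated Windows PowerShell 5.1 session, and the function name Repair-DomainTrust is hypothetical.

```powershell
# Added example: test the secure channel, reset the machine password only if
# the channel is broken, then test again. Repair-DomainTrust is a hypothetical name.
function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Domain controller to authenticate against.
        [Parameter(Mandatory)]
        [string]$DomainController
    )

    # Test-ComputerSecureChannel returns $true when the trust is intact.
    if (Test-ComputerSecureChannel -Server $DomainController) {
        Write-Output "Secure channel to $DomainController is healthy; nothing to do."
        return
    }

    # Prompt for the credential so the password never appears as a
    # command-line argument or on a screen the user is watching.
    $cred = Get-Credential -Message 'Account allowed to reset this computer password'

    try {
        Reset-ComputerMachinePassword -Server $DomainController -Credential $cred -ErrorAction Stop
    }
    catch {
        Write-Error "Reset failed: $($_.Exception.Message)"
        return
    }

    # Verify the result instead of assuming the reset worked.
    if (Test-ComputerSecureChannel -Server $DomainController) {
        Write-Output 'Trust relationship restored.'
    }
    else {
        Write-Error 'Secure channel is still broken after the reset.'
    }
}

# Replace the placeholder with your own domain controller before running.
Repair-DomainTrust -DomainController '<your-domain-controller>'
```

The netdom form shown earlier passes the domain admin password as a plain command-line argument; netdom accepts * as the /PasswordD value, which prompts for the password instead.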