Hi there! Welcome to my blog. My name is Ivan. I am a Dutch IT Professional working as Principal IT Consultant. Most of the time I am using virtual machines for developing installation scripts and operating system images. With Microsoft App-V sequencer I am depending on using virtual machines, and snapshots to revert to the previous state after sequencing process is done. Many times these snapshots are older than 30 days and now and then I run into this small and annoying issues.
If I encountered this then I had to go to “Active Directory Users and Computers” console, find the computer object, reset the computer account, log-in with local administrator account on the system, join to a workgroup, reboot, log-in again with administrator account and join the system back to the domain. All these steps could take up to 30 minutes depending on my other activities.
Back in the old days I used the netdom.exe command and I remembered there was an option to reset the machine account password with the domain controller. On the web I did some research and found a working solution for me.
Out of the box netdom.exe tool is not available on Windows 7 (I am using 32bit enterprise version). To get the command utility I had to install Remote Server Administration Tools (KB958830) and copy that on a network share.
I found out that the netdom.exe utility needs to stored in C:\Windows\System32 and netdom.exe.mui file should be copied to C:\Windows\System32\en-US folder. If the netdom.exe location is wrong or the mui file is missing netdom.exe won’t show anything when started.
Download netdom.exe from here. These two files have been exacted from KB958830.
How to reset machine account password on Windows 7?
- Make sure the netdom.exe and netdom.exe.mui files are stored in the mentioned folder locations
- Open an elevated command prompt
- Run: netdom.exe resetpwd /server:domaincontroller /userD:ivan /passwordD *
- Enter password
- Reboot the machine
reef aquarium blogs
This paragraph will help the internet people for setting up new website or even
a blog from start to end.
Thomas
Thanks a lot, this really helped me.
Peter
Thanks alot for this. Especially “netdom.exe.mui file should be copied to C:\Windows\System32\en-US folder”
Andrew
Will this process only change the password on the PC? It will not change what is currently set of the user’s password on AD controller? I manually set this users password on AD DC, however when we try to sigon on from his machine, only his old password signs on with no network connection.
Jamie
This process will change the password on the computer’s account in AD. (All Domain joined PCs have an account in AD, if you didn’t know) When a user logs into a Domain Joined PC with no network connection, Windows uses stored credentials to authenticate. Basically, it “assumes” the last valid password is still valid when it can’t check with the Domain Controller, and allows the login. Changing the user password in AD will not affect the PC in any way until the network connection is re-created. That said, what we are talking about here is computer accounts, not user accounts though. The Trust relationship failed is related to machine accounts, not user accounts.
Ivan Versluis
Thanks Jamie for your reply. This process will fix the computer account relation to AD. Sure we are seeing this when we try to logon with a user account, still the root cause is the computer object.
JMT83
I found your site while reading many articles, and found yours to be informative, and easier to follow than others. However, I am still having a problem. When I run CMD as an administrator and run, I am never prompted for a password. This is all I see:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>netdom.exe resetpwd /server:SERVER /userD:DOMAIN\USER /P
assworD: *
C:\Windows\system32>
I made sure to download the files to the folders you listed, and I ran CMD as an administrator. Am I leaving something out here? Thanks!
JMT83
I got it to work! I am not sure why, but I am thinking that the RSAT package may not have installed properly the first time I tried it. After uninstalling and reinstalling KB 958830 and trying again, it worked. This site was a great help to me!
jay
So I can I just copy the netdom files to the required dir’s and run the command line or do you have install the RSAT’s inorder for this to work at?
Ivan Versluis
Hi Jay,
Yes. That should work.
Anon
I found I was able to run netdom when I extracted it in somewhere else other than system32. I.e.
C:\Temp\netdom.exe
C:\Temp\en-US\netdom.exe.mui
Then in the cmd.exe cd C:\Temp and proceed as normal, otherwise it wouldn’t show anything.
MyITGuy
Kudos! on this post. As a value-add…
Place netdom.exe and netdom.exe.mui in a single directory, then create an empty file called netdom.exe.local in the same directory. This basically tells netdom.exe to look in the single directory for supporting files.
netdom.exe
netdom.exe.local
netdom.exe.mui
Cheers!
MyITGuy
Another value-add…
Place netdom.exe and netdom.exe.mui in a single directory, then create an INF file with the following contents in the same directory. Right-click the INF file and choose Install to copy the files into the correct directories for use.
NOTES: (1) Should work with either 32/64-bit. (2) May require an account that has local administrator rights. (3) Can be packaged using IExpress (included in Windows).
[Version]
Signature=$CHICAGO$
[DestinationDirs]
NetdomExe = 11
NetdomExeMui = 11,\en-US
[DefaultInstall]
CopyFiles = NetdomExe,NetdomExeMui
[NetdomExe]
netdom.exe
[NetdomExeMui]
netdom.exe.mui
[SourceDisksNames]
1 = %DiskName%
[SourceDisksFiles]
netdom.exe = 1
netdom.exe.mui = 1
[strings]
DiskName = “Netdom Utility for Windows 7”
Cheers!
it
I followed all what u said. I got the error access denied. The following command was successfully completed. Pls help
jeff
I think the zip file contains the 32 bit version of these programs. I copied those two files from a 64 bit windows into the location you mentioned and it worked well.
igor7
Useful info, thanks!! Just to clarify – the example in the first post working only for 32 bit version of Windows 7. In order to get it work on 64 bit version, files netdom.exe and netdom.exe.mui should be copied manually into %systemroot%\SysWOW64 and %systemroot%\SysWOW64\en-US accordingly.
The *.inf file provided above, install files only into %systemroot%\System32 and %systemroot%\System32\en-US folders.
J Long
http://www.implbits.com/about/blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/default.aspx
———————————————————————————————————————————————-
Just change your computer password using the Reset-ComputerMachinePassword cmdlet from Powershell v3!
Reset-ComputerMachinePassword [-Credential ] [-Server ]
I haven’t looked at this problem for a while, but it seems to come up very often and there has been a lot of positive response. I wanted to point out an improvement (a more up-to-date method) that came from Lord_Arokh. Powershell v3 shipped with a cmdlet for resetting computer passwords. For those with Powershell skills, this is a much better option. Powershell v3 ships with the latest version of Windows and can be downloaded from Microsoft:
http://www.microsoft.com/en-us/download/details.aspx?id=34595
I noticed that on my Windows 8 install, I only received partial help when I issued the Get-Help Reset-ComputerMachinePassword command. You can fix this by opening Powershell with administrative rights and running Update-Help.
You can use the Get-Credential cmdlet for a secure way to generate a PSCredential, which can be stored in a variable and used in a script. You will want to generate a credential for an Active Directory user with sufficient rights to change the computer’s password. The Server parameter is the domain controller to use when setting the machine account password.
C M
Another solution is:
– Open Active Directory Management Console
– Search the computerobject which lost the trust
– Rightclick on it -> Reset Account
Works fine…
Valerian Heints
RSAT for Windows 10
https://www.microsoft.com/en-us/download/details.aspx?id=45520
Ivan Versluis
Thanks Valerian! I am still missing them on my Windows 10 system. I will give it a try!
Rolf Genter
Thank you all, this thread saved my day!
John Sikwese
Hello, this really works! great job. You have helped to sort out this problem is a very simple way. keep up the good work.