2.10. Testing and Resetting the Secure Channel

Problem

You want to test the secure channel of a server in a domain.

Solution

The following command tests the secure channel for a computer:

> nltest /server:<ComputerName> /sc_query:<DomainName>

The following command resets the secure channel for a computer:

> nltest /server:<ComputerName> /sc_reset:<DomainName>

The following solutions describe how to reset a computer account.

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, right-click on the domain and select Find.

  4. Beside Find, select Computers.

  5. Type the name of the computer and click Find Now.

  6. In the Search Results, right-click on the computer and select Reset Account.

  7. Click Yes to verify.

  8. Click OK.

  9. Rejoin the computer to the domain as I described in Recipe 2.5.

Using a command-line interface

You can use the dsmod.exe utility to reset a computer's password. You will need to rejoin the computer to the domain after doing this.

> dsmod computer  "<ComputerDN>" -reset

Another option is to use the netdom.exe command, which can reset the computer so that you do not need to rejoin it to the domain.

> netdom reset <ComputerName> /Domain <DomainName> /UserO <UserUPN> /PasswordO *

Using VBScript

' This code resets an existing computer object's password to the ' initial default. You'll need ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.