16.20. Resetting a Computer Account


You want to test the secure channel of a computer and reset the computer account if it is failing.


Use the following command to test a secure channel for a computer:

> nltest /server:<ComputerName> /sc_query:<DomainName>

If this command returns errors, such as ERROR_NO_LOGON_SERVERS, try resetting the secure channel using the following command:

> nltest /server:<ComputerName> /sc_reset

If that doesn't help, you'll need to reset the computer account as described next.

Using a graphical user interface

  1. From the Administrative Tools, open the Active Directory Users and Computers snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, right-click on the domain and select Find.

  4. Beside Find, select Computers.

  5. Type the name of the computer and click Find Now.

  6. In the Search Results pane, right-click on the computer and select Reset Account.

  7. Click Yes to verify.

  8. Click OK.

  9. Rejoin the computer to the domain (Recipe 16.18).

Using a command-line interface

You can use the dsmod utility to reset a computer's password. You will need to rejoin the computer to the domain after doing this:

> dsmod computer  "<ComputerDN>" -reset
> dsmod computer "cn=rallen-wxp,cn=computers,dc=rallencorp,dc=com"

Another option is to use the netdom command, which can reset the computer so that you do not need to rejoin it to the domain:

> netdom reset ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.