Reset computer account

Johnny Chow

Hi,
I understand adding, moving and deleting a computer account. I do not understand the
purpose of resetting a computer account in AD and when to use it. I would
appreciate your information and tips.

Thank you in advance,

Johnny Chow
 
Tomasz Onyszko [MVP]

Johnny said:
Hi,
I understand adding, moving and deleting a computer account. I do not understand the
purpose of resetting a computer account in AD and when to use it. I would
appreciate your information and tips.

Think of resetting a computer account simply as resetting the
computer's password in the domain. Each computer account has a password
associated with it, and the computer uses this account to authenticate
itself in a domain.

That's a very brief description in a few words.
 
Cary Shultz [A.D. MVP]

Johnny,

There are user account objects just like there are computer account objects.
The computer account objects have a secure channel with a Domain Controller.
Over this secure channel the workstation and the Domain Controller
communicate. In WIN2000 the computer account objects change their secret
password every 30 days (in WINNT 4.0 it was seven days). Sometimes this
secure channel gets flubbed up...for whatever reason. So, based on what I
just wrote you can see how this can create a little bit of a problem. So,
in order to resolve the problem of the flubbed up secure channel,
Microsoft gives us the ability to reset that secure channel.

I *think* that this should clear up any misunderstandings.

For all others, have I properly explained how this works?

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
John Chow

Thank you all for the good explanations, but I am still confused about in which
scenario I should use reset instead of add/delete (cleaner job) of a computer in an IT
environment.

For example, I had a computer joined to the domain yesterday and it ran
fine until this morning, when I was trying to log in with the administrator account
with the right domain name (not a local user) and it prompted me that it cannot
find the DC (the DC is in the same subnet). I was able to log on to a second computer in the
same subnet as the DC and domain. Therefore, I removed/rejoined the computer
account to the domain, and it is running fine now. Correct me if I am
wrong, would this be a good scenario to reset the computer?

Thanks again,

Johnny Chow
 
Guest

In that scenario I would reset the computer account first before trying the
remove/add to domain. This works for me 99% of the time; the 1% usually
requires the remove/add method.

Steve
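
The order described in the reply above (reset first, rejoin only as a fallback) can be scripted as follows. This is an added example, not part of any post in this thread; it assumes Windows PowerShell 5.1 in an elevated session on the affected domain member, and the function name `Repair-MemberSecureChannel` is hypothetical.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1, run elevated
# on the affected member while logged on with a local administrator account.
function Repair-MemberSecureChannel {
    [CmdletBinding()]
    param(
        # Domain account that is allowed to reset this computer's account.
        [Parameter(Mandatory)]
        [pscredential] $Credential,

        # Optional: a specific domain controller to test and repair against.
        [string] $Server
    )

    $target = @{}
    if ($Server) { $target.Server = $Server }

    # Step 1: verify the secure channel between this member and the domain.
    # Test-ComputerSecureChannel returns $true when the channel works.
    if (Test-ComputerSecureChannel @target) {
        return 'Healthy'
    }

    # Step 2: reset in place. -Repair removes and rebuilds the Netlogon secure
    # channel, so the computer object (SID, group memberships) is left untouched.
    try {
        $ok = Test-ComputerSecureChannel @target -Repair -Credential $Credential -ErrorAction Stop
        if ($ok) { return 'Repaired' }
    }
    catch {
        Write-Warning "Secure channel repair failed: $($_.Exception.Message)"
    }

    # Step 3: the reset did not help. Removing and rejoining the computer is left
    # to the operator as a deliberate, manual decision.
    return 'RejoinRequired'
}

# Usage (prompts for the domain credential):
#   Repair-MemberSecureChannel -Credential (Get-Credential)
```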
 
Brandon McCombs

In an operational environment where uptime is measured with 5 9s, how exactly do
you explain to management that every time the machine password is reset, the
passwords end up getting out of sync because the member server doesn't have
access to the domain controller to tell the DC what the new password is, and
within a short period of time the member server can no longer authenticate
people because it complains that it either can't find itself in the directory or
it can't bind to the directory anymore?

And for us, resetting the machine account password made things worse, to the
point we had to rejoin the machines to the domain.

What misconfiguration can cause that situation?

thanks
 
