Monday, 2 April 2018

The Trust Relationship Between this Workstation and the Primary Domain Failed


PowerShell version:
$PSVersionTable.PSVersion

Ojo en todo lo de abajo el parámetro -Credential sólo funciona si
PowerShell >= 3

Resumen para el caso peor, no hace falta reiniciar !! :
{
 En la WorkStation, logarse como *administrador de dominio* .

 ' Ver como está el tema:
 Test-ComputerSecureChannel
 Test-ComputerSecureChannel -verbose

 Test-ComputerSecureChannel -Repair

 Reset-ComputerMachinePassword

 ' Ver como está el tema:
 Test-ComputerSecureChannel

 ' Ver como está el tema:
 Entrar con mi usuario, chk con que contraseña deja.
 Bloquear el ordenador y comprobar con que deja acceder .. y a J:
}
  

You can prevent the error: “The trust relationship between this…” with a domain GPO.

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

Domain member: Disable machine account password changes

Domain member: Maximum machine account password age




https://www.oxfordsbsguy.com/2014/04/28/powershell-get-adcomputer-to-retrieve-computer-last-logon-date-part-1/
Get-ADComputer -Identity SBS2K11 -Properties *

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/test-computersecurechannel?view=powershell-5.1
 -Credential si PowerShell >= 3
Test-ComputerSecureChannel
Test-ComputerSecureChannel -verbose
Test-ComputerSecureChannel -Repair



https://4sysops.com/archives/repair-the-domain-trust-relationship-with-test-computersecurechannel/
http://www.prolved.com/trust-relationship-workstation-primary-domain-failed/
https://www.reddit.com/r/sysadmin/comments/5u7g68/resetcomputermachinepassword_is_magic/

Local:
 Test-ComputerSecureChannel -Repair

Remoto:
 Invoke-Command -ComputerName REMOTECOMPUTERHERE -ScriptBlock { Test-ComputerSecureChannel -Repair } -Credential (Get-Credential -UserName 'administrator' -Message 'User')

 o
 {
  $localCredential = Get-Credential
  Invoke-Command -ComputerName REMOTECOMPUTERHERE -ScriptBlock { Test-ComputerSecureChannel -Repair } -Credential $localCredential

 }

A todos comprobar en remoto:
{
 $localCredential = Get-Credential -- las guarda pero no las muestra

 @(Get-AdComputer -Filter *).foreach({

  $output = @{ ComputerName = $_.Name }

  if (-not (Test-Connection -ComputerName $_.Name -Quiet -Count 1)) { $output.Status = 'Offline'
   } else {

   $trustStatus = Invoke-Command -ComputerName $_.Name -ScriptBlock { Test-ComputerSecureChannel } -Credential $localCredential
   $output.Status = $trustStatus
  }

  [pscustomobject]$output

 })
}


Reset-ComputerMachinePassword

Reset-ComputerMachinePassword [-Server ] [-Credential ]


Lo anterior se puede hacer también con:
{ https://ss64.com/nt/netdom.html

 NETDOM RESETPWD   Reset the machine account password for a domain controller
 NETDOM RESET      Reset the secure connection between a workstation and a DC
 NETDOM VERIFY     Verify the secure connection between a workstation and a DC
 NetDom is available as part of the RSAT tools or by default, with the AD DS or AD LDS server roles.

 To enable NETDOM: Control Panel | Programs and Features | Windows features | Remote Server Administration Tools | Role Administration Tools | AD DS and AD LDS Tools | select AD DS Tools.

}


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)