Re: Reset computer account

In an operational environment where uptime is measured with 5 9s how exactly do
you explain to management that everytime the machine password is reset that the
passwords end up getting out of sync because the member server doesn't have
access to the domain controller to tell the DC what the new password is and
within a short period of time the member server no longer can authenticate
people because it complains that it either can't find itself in the directory or
it can't bind to the directory anymore

And with us resetting the machine account password made things worse to the
point we had to rejoin the machines to the domain.

What misconfiguration can cause that situation?

thanks

"Cary Shultz [A.D. MVP]" wrote:

> Johnny,
>
> There are user account objects just like there are computer account objects.
> The computer account objects have a secure channel with a Domain Controller.
> Over this secure channel the workstation and the Domain Controller
> communicate. In WIN2000 the computer account objects change their secret
> password every 30 days ( in WINNT 4.0 it was seven days ). Sometimes this
> secure channel gets flubbed up...for whatever reason. So, based on what I
> just wrote you can see how this can create a little bit of a problem. So,
> in order to resolve the problem of the flubbed up secure channel you
> Microsoft gives us the ability to reset that secure channel.
>
> I *think* that this should clear up any misunderstandings.
>
> For all others, have I properly explained how this works?
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
> "Johnny Chow" <jchow10@xxxxxxxxx> wrote in message
> news:OM8W4FPUFHA.548@xxxxxxxxxxxxxxxxxxxxxxx
> > Hi,
> > I understand add, move and delete computer account. I do not understand
> > the purpose of reset computer account in AD and when to use it. I will
> > be appreciated your information and tips.
> >
> > Thank you in advance,
> >
> > Johnny Chow
> >

.

Relevant Pages

  • Re: Reset computer account
    ... There are user account objects just like there are computer account objects. ... The computer account objects have a secure channel with a Domain Controller. ...
    (microsoft.public.win2000.active_directory)
  • Re: DC Not replicating after being shutdown for a while
    ... You will probably need to use Netdom to reset the secure channel between ... Most likely the computer account is now out of ... What errors do you get during replication? ...
    (microsoft.public.win2000.active_directory)
  • Re: computer account passwords resets
    ... first disable the computer account objects before you can delete them. ... > Paul Williams ...
    (microsoft.public.win2000.active_directory)
  • Re: computer account passwords resets
    ... > first disable the computer account objects before you can delete them. ... >> Paul Williams ... >>> reset ...
    (microsoft.public.win2000.active_directory)
  • Re: AD computer account and image restore
    ... Deleting the computer account from AD and then rejoining the domain would ... You can also use netdom to reset the secure channel of the machine ...
    (microsoft.public.windows.server.active_directory)