How To Resolve Broken Domain Trust Using PowerShell

So recently I endeavored to repair a Windows 10 PC.  There were some unresolved issues for which there was no solid answer, and the best resolution path was to perform a reset or refresh of the OS.  I decided to do something a little less intrusive and performed a System Restore to a week or two prior.

I have performed this exercise a number of times without issue; however, this time I got an unexpected result.  I had enabled the local admin account and set the password to boot into Safe Mode and restored the system.  Once restored, this was not a viable account to log in with; however, nobody knew the password for the other admin account.  No problem, I thought, I’ll just log in as the assigned domain user with their cached credentials, only to discover that the user had very recently changed their password.  No dice, the domain trust had failed.  “The trust relationship between this workstation and the primary domain failed.” So, I fix one problem, only to find myself facing another.

Now, a relationship without trust is like having a phone with no service. And what do you do with a phone with no service? You play games.  New fads or trends come and go. Think Cortana, Siri, and Alexa.  Smart Homes that let in strangers, huh?  Or snacking on Tide Pods, yuk!  (Is it the taste, or a desire to look whacked-out crazy?  They’re not only dangerous but just… Why?) How about gettin’ your groove on with the Floss?  Look around and you’ll see a youngster Flossing.  At my grandsons’ baseball games kids mindlessly Floss on the field between innings.  I YouTubed the thing to learn how to do it to bridge the generation gap.  After a game, I garnered a big grin from my grandson with my amateur version.  Certainly nowhere near Backpack Kid level, though unexpectedly, about 4-5 more kids from around the park came running over, squealing and laughing, and joined me.  Must have been some spectacle.


The point is, the computer needed to work for the user to be productive; there was no time for games.  In the movie Liar Liar, when acting erratically in a courtroom because he is forced to tell the truth, the judge tells Jim Carrey he is holding him in contempt.  Carrey’s character, Fletcher Reede, responds with “I hold myself in contempt!”  We seem to have a built-in characteristic to police ourselves.  Joseph Stalin made the statement, “I trust no one, not even myself.”

During the Stalin regime, he accomplished a stable monetary system – the ruble becoming more valuable than the dollar, employment was guaranteed, free education for all, and free healthcare for all … hmm, where have I heard that?  Stalin ruled with an iron fist, he murdered, arrested and exiled from any effective political leadership other than himself.  All of those around Stalin were temporary people. As long as he trusted you to a certain degree, you were allowed to go on living and working. But the moment he stopped trusting you, Stalin would start to scrutinize you until the cup of his distrust overflowed.    Sadly, for his political enemies, they didn’t get a chance to restore that failed trust.

So, my target computer, whatever.domain.com, was still a domain member, but not trusted by Big Brother.  Really?  The resolution for a broken trust relationship has been to disjoin the computer from the domain and rejoin.  However, there is now an easier, less arduous way to resolve the issue with PowerShell.  First, I had to get into the computer.  It appears each version of Windows requires its own PE environment and support tools.  After obtaining a Windows 10 PE boot disk, I booted to it, was able to reset the local Admin password with the support tools, and log in.  By the way, the .\ in .\administrator replaces the computer name in case you don’t know it.  Then, just follow the simple instructions below:

How to Resolve Broken Domain Trust Using PowerShell

  1. Open an administrative PowerShell session.
  2. Run the following 2 commands (the -Credential option requires PowerShell 3.0, which is satisfied with Windows 10). Enter a domain admin account when prompted, using the form DOMAIN\ADMIN:

         $credential = Get-Credential
         Reset-ComputerMachinePassword -Server ClosestDomainControllerNameHere -Credential $credential

  3. Now you can log off as the local admin, and log back on with a domain account. (No reboot required)
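
The same steps wrapped in a check-reset-verify script, as an added example that is not part of the original post. It assumes an elevated Windows PowerShell 5.1 session on the affected workstation; DC01.example.com is a placeholder for your closest domain controller, and Test-Trust is a helper name made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's code. Run as the local admin on the affected PC.
param(
    # Placeholder (assumption): replace with your closest domain controller.
    [string]$DomainController = 'DC01.example.com'
)
$ErrorActionPreference = 'Stop'

function Test-Trust {
    # Returns $true only when the machine account secure channel is healthy.
    # A DC that cannot be reached is reported and treated as "not healthy".
    try {
        return [bool](Test-ComputerSecureChannel -Server $DomainController)
    } catch {
        Write-Warning "Secure channel test failed: $($_.Exception.Message)"
        return $false
    }
}

# Confirm the trust is actually broken before changing anything.
if (Test-Trust) {
    Write-Host "Secure channel to $DomainController is healthy; nothing to reset."
    return
}

# Prompt for the account instead of hard-coding a password; use DOMAIN\ADMIN.
$credential = Get-Credential -Message 'Domain account allowed to reset this computer account'

# Same command as step 2: sets a new machine account password on the DC and
# stores the matching secret locally, without a disjoin/rejoin.
Reset-ComputerMachinePassword -Server $DomainController -Credential $credential

# Verify before logging off the local admin session.
if (Test-Trust) {
    Write-Host 'Trust restored. Log off and log back on with a domain account.'
} else {
    Write-Error 'Secure channel still broken; check DNS, time sync and the computer account in AD.'
}
```

If the local Administrator account was enabled only for this repair, disable it again once domain logon works.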

What appeared to be a serious domain issue with such an ominous warning was resolved with a rather simple solution!  We sysadmins will take those whenever we can get them.  And we didn’t have to play games to get there!  New trend perhaps, as we keep finding more and more reasons to incorporate PowerShell into our daily rat-killing.  Much easier and quicker than flossing or learning a new dance, though we do our share of dancing on a daily basis.  And better than getting your mouth washed out with soap, presuming you found this article in time.  Now as I think about it, maybe there’s an ulterior motive for munching on Tide Pods, and no, Floss, Tide Pods – we’re not talking dental hygiene here.  But, have these folks found a surefire way to eliminate skid marks?  Asking for a friend …  At any rate, your new PowerShell solution will aid in preventing some of the skid marks in your day.


About The Author

Donny Hilbern is a network and systems consultant specializing in analyzing, designing, and implementing network and enterprise systems.  Donny has been working in the IT field for over 25 years, with nearly 20 years of that time invested in network and system administration and infrastructure technology.  He has experienced a number of undocumented or lightly documented issues during that time.  His desire is to leverage that experience in sharing about some of those issues and how they were resolved to make IT work for his clients.


2018-05-18T16:36:11+00:00
