Virtual Geek

Tales from real IT system administrators world and non-production environment

PowerShell fix: repair "The trust relationship between this workstation and the primary domain failed"

This is an issue I have always seen Windows Server administrators face. They run into the error below a lot in their day-to-day activities when logging in with their domain account, while logging in with a local account succeeds. The cause is simple: whenever a computer joins a domain, a computer account is created in Active Directory. This computer (device) account has a password that is changed and synced with the respective machine at a 30-day interval. If the machine somehow cannot contact Active Directory (it was shut down or had a network issue for more than 30 days, it was restored, or the computer password was manually reset in AD), you see this issue.

Another way: Resolved issue with PowerShell - Trust relationship Rejoin computers in domain without restart

The simple fix is to remove the computer from the domain, that is, disjoin it and rejoin it to the Active Directory domain. This could be a showstopper for some administrators because of the required reboot, which is a big headache for IT admins, especially with mission-critical servers. Here PowerShell helps to solve this issue without a reboot.

The trust relationship between this workstation and the primary domain failed


PowerShell helps here by repairing the broken trust relationship (an expired, non-synced password in Active Directory) without restarting the server. To resolve the issue, log in to the system with a local admin account and open PowerShell as administrator. Separate AD credentials (with permission to join computer accounts to the domain) are required to test and repair the disjoined computer account. This doesn't require a reboot.

Once the command is executed, the output should be True, which means the repair was successful. Sign out of the local account and try logging in with your Active Directory user account.

Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
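
The same repair wrapped in a check-first, verify-after function, as an added example that is not part of the original post. The function name and the output object are hypothetical; it assumes Windows PowerShell 5.1 on a domain member, run from an elevated local administrator session.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator
# Added example, not from the original post.
# Function name and output properties are hypothetical.

function Repair-SecureChannelIfBroken {
    [CmdletBinding()]
    param(
        # Optional: a specific domain controller to test and repair against.
        [string]$Server
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$($cs.Name) is not joined to a domain; nothing to repair."
    }

    $common = @{}
    if ($Server) { $common.Server = $Server }

    # Read-only check first: returns $true when the secure channel is intact.
    $before   = Test-ComputerSecureChannel @common
    $after    = $before
    $repaired = $false

    if (-not $before) {
        # Prompt only when a repair is really needed, so the domain
        # credential is never typed on a machine that is already healthy.
        $cred = Get-Credential -Message "Account allowed to reset $($cs.Name) in $($cs.Domain)"
        $repaired = Test-ComputerSecureChannel @common -Repair -Credential $cred
        # Confirm with a fresh read-only test instead of trusting the repair result.
        $after = Test-ComputerSecureChannel @common
    }

    [pscustomobject]@{
        Computer        = $cs.Name
        Domain          = $cs.Domain
        HealthyBefore   = $before
        RepairAttempted = -not $before
        RepairReturned  = $repaired
        HealthyAfter    = $after
    }
}

Repair-SecureChannelIfBroken
```

HealthyAfter should be True before you sign out of the local account; if it is still False, the supplied account most likely lacks rights on the computer object or no domain controller was reachable.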


You can simulate a broken trust relationship by resetting the computer account password in AD.


As an additional option, if you don't want to use PowerShell, the netdom command can be run from a normal cmd prompt to reset the computer account password locally. You get the message: The machine account password for the local machine has been successfully reset.

netdom resetpwd /server:domainserver /userd:domain\username /passwordD:*

