Trust Relationship Broken: DSMOD, NLTEST, SID Repair

Tips to Rejoin Domain Windows 2012 R2 Domain Controller

Whether you mistakenly delete a machine object, or a laptop comes back from a remote user who hasn't connected to AD for over 30 days, the machine will drop off the domain.

This breaks the secure channel, primarily because of the SID (the machine's unique identifier). You could also lose the SID due to:

  • the 30-day machine password reset policy
  • an OS reinstall
  • LSA being out of sync

Here are a few options to join the machine back to the domain.

Note: Don't disjoin the domain, join a workgroup and re-join the domain: this will lose the SID and most probably your group memberships.

  1. AD Users & Computers: reset the computer account and rejoin the domain (in this case only, you will disjoin the domain, join a workgroup, re-join the domain and reboot).
  2. DSMOD: you can run this easily from PowerShell on a Domain Controller; execute it and then simply reboot the machine in question.

PS C:\Scripts> dsmod computer "cn=Machine name,ou=Desktops,ou=NY,dc=virtualremote,dc=com" -reset

  3. This is a client-side procedure: log in with local admin credentials. Huge plus: you don't have to reboot the machine; run the command and log in again.

  • Open CMD
  • nltest /server:Local-machine-name /sc_reset:virtualremote\Primary-Domain-Controller
  • Once it completes successfully, simply log in again with domain credentials.

  4. This client command requires PowerShell; make sure it is installed on the client so that it runs successfully.

  • Cmd > powershell
  • Test-ComputerSecureChannel -Repair (it should return True, which means it ran successfully)
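As an added example that is not part of the original post, here is a client-side PowerShell script that combines options 3 and 4: it checks the secure channel first, tries the cmdlet repair, and falls back to nltest if that fails. The domain name and DC name are placeholders, and it assumes an elevated session under a local admin account on the affected machine.

```powershell
# Added example (not from the original post): check and repair the secure channel
# from the client. Assumptions: elevated PowerShell as local admin; placeholder names.
$Domain = 'virtualremote.com'
$Dc     = 'DC01'   # placeholder: any writable DC in the domain

# 1. Check the current state of the secure channel against the chosen DC.
$healthy = Test-ComputerSecureChannel -Server $Dc -Verbose
if ($healthy) {
    Write-Host "Secure channel to $Domain is intact; nothing to repair."
    return
}

# 2. Secure channel is broken: try the cmdlet repair first. This rebuilds the
#    channel against the existing computer object, so the SID and group
#    memberships are kept. Domain credentials that may reset the computer
#    account password are needed, because the local admin account cannot.
$cred = Get-Credential -Message "Domain account allowed to reset this computer account"
$repaired = Test-ComputerSecureChannel -Repair -Server $Dc -Credential $cred

# 3. Fall back to nltest if the cmdlet reports failure.
if (-not $repaired) {
    Write-Warning "Test-ComputerSecureChannel -Repair failed; trying nltest /sc_reset"
    nltest /sc_reset:"$Domain\$Dc"
    if ($LASTEXITCODE -ne 0) {
        Write-Error "nltest failed (exit $LASTEXITCODE); reset the computer account in ADUC or with dsmod and re-run."
        return
    }
}

# 4. Confirm which DC now serves the secure channel, then have the user log in again.
nltest /sc_query:$Domain
Write-Host "Secure channel repaired; sign out and log in again with domain credentials."
```

No reboot is needed after a successful run; a fresh logon with domain credentials is enough, as in options 3 and 4.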
