JSI Tip 2477. Using Netdom from the Windows 2000 Support Tools to reset machine account passwords.

Jerold Schulman

June 8, 2000


The secure channel password between a domain controller and domain members/domain controllers can get out of sync, preventing communications.

When this happens, you can't use the Active Directory Users and Computers snap-in to reset it, but you can use Netdom.exe.

Netdom.exe must be run locally on the computer whose 'local secret' you wish to reset.

Install the Windows 2000 Support Tools from the SupportTools folder on the Windows 2000 Professional or Windows 2000 Server CD-ROM.

When you run Netdom.exe, it resets the local account password and writes the change to the computer's account object on a domain controller in the same domain. This starts Active Directory replication, so that other domain controllers can be synchronized. You must have local and domain administrator rights/permissions to perform this procedure.

After installing the Windows 2000 Support Tools, open a CMD prompt and type:

netdom resetpwd /server: /userd: /passwordd:*

where:

- is the fully qualified DNS or NetBIOS name of a domain controller.

- is the NetBIOS domain name.

- is a Domain Administrator account id.

NOTE: The /passwordd:* parameter indicates that you will type the password, using hidden characters.

Example:

netdom resetpwd /server:JSI001 /userd:JSIINC\Jerry /passwordd:*

where JSI001 is my Windows 2000 domain controller, JSIINC is my domain name, and I am running Netdom on JSI005, my laptop, which must be restarted after the password is changed.
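
A batch wrapper for the procedure above that checks the secure channel before resetting it, as an added example that is not part of the original tip. It assumes nltest.exe is on the PATH alongside Netdom.exe, that a healthy channel is reported with the text NERR_Success, and that netdom sets a nonzero errorlevel on failure; the three-argument order is hypothetical.

```bat
@echo off
rem Added example, not from the original tip. Run it locally on the computer
rem whose secure channel is suspect, with local and domain administrator rights.
rem Arguments (order is an assumption of this example):
rem   %1 = domain controller name, %2 = NetBIOS domain name, %3 = admin account id
setlocal
if "%~3"=="" (
    echo Usage: %~n0 DCName NetBIOSDomain AdminId
    exit /b 2
)
set DC=%~1
set DOM=%~2
set ADMIN=%~3

rem Query the secure channel and test the reported status text rather than
rem relying on the exit code of nltest.
nltest /sc_query:%DOM% | findstr /c:"NERR_Success" >nul
if not errorlevel 1 (
    echo Secure channel to %DOM% reports NERR_Success. No reset performed.
    exit /b 0
)

echo Secure channel to %DOM% is not healthy. Resetting the machine account password.
rem /passwordd:* makes netdom prompt for the password with hidden characters,
rem so the password never appears on the command line or in this file.
netdom resetpwd /server:%DC% /userd:%DOM%\%ADMIN% /passwordd:*
if errorlevel 1 (
    echo netdom resetpwd reported an error. Check the names and credentials.
    exit /b 1
)

echo Reset completed. Restart this computer, then run this script again to confirm.
endlocal
```

Running it a second time after the restart should take the first branch and report NERR_Success without prompting for credentials.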

