The information in this article applies to:
SUMMARY
For each Windows 2000 workstation or server that is a member of a domain, there is a discrete communication channel, known as the secure channel, with a domain controller.
The Netlogon service on the domain controller logs the following error message when the password is not synchronized: This article describes four ways of resetting computer accounts in Windows 2000. These methods are:
MORE INFORMATIONNetdom.exeFor each member, there is a discrete communication channel (the secure channel) with a domain controller. The secure channel is used by the Netlogon service on the member and on the domain controller to communicate. Netdom makes it possible to reset the secure channel of the member.Suppose you have a domain member named DOMAINMEMBER. You can reset the member secure channel by using the following command: netdom member \\domainmember /joindomainYou can run this command on the member DOMAINMEMBER or on any other member or domain controller of the domain, provided that you are logged on with an account that has administrator access to DOMAINMEMBER. The domain controller's secure channel can be reset by using the following command: netdom bdc mybdc /reset Nltest.exeNltest.exe can be used to test the trust relationship between a computer running Windows 2000 that is a member of a domain and a domain controller on which its machine account resides.C:\Ntreskit\Nltest.exe Active Directory Users and Computers (DSA)With Windows 2000, you can also reset the machine account from within the graphical user interface (GUI). In the Active Directory Users and Computers MMC (DSA), you can right-click the computer object in the Computers or appropriate container and then click Reset Account. This resets the machine account. Resetting the password for domain controllers using this method is not allowed.Microsoft Visual Basic ScriptYou can use a script to reset the machine account. You need to connect to the computer account using the IADsUser interface. You can then use the SetPassword method to set the password to an initial value. The initial password of a computer is always "computername$".The following sample scripts may not work in all environments and should be tested before implementation. The first example is for Windows NT 4.0 computer accounts and the second is for Windows 2000 computer accounts. Sample 1
Sample 2
Additional query words: LSA
Keywords : kbenv kbtool |
Last Reviewed: December 29, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |