Resetting the secure channel for a computer in a domain

Every now and then a computer will lose it’s security association with the domain controller.

This happens a lot when you use virtual machines and snapshots.

You can fix this in a number of ways.

The manual way is to reset the computer account in Active Directory Users and Computers.

Join a workgroup then rejoin the domain.

A better way is to use DSMOD

dsmod computer “cn=W8WS1,ou=test,ou=testdomain,ou=com” -reset

then restart the computer.

Another good way is to use nltest

nltest /server:W8WS01 /sc_reset:testdomain\dc01

This has the advantage of not needing to restart the computer.

And finally with PowerShell you can use:

Test-ComputerSecureChannel -Repair

This also does not require a restart.