Reset Golden Ticket password KRBTGT

Horizone 21 Reputation points
2023-01-09T20:16:54.453+00:00

Hello Everyone,

I Have a question about resetting the password of the golden ticket.

Our Domain and Forest Functionnel Level is 2008 R2. The password of the Golden ticket has never been changed. The ticket therefore does not use AES.

Our environment still contains 2003 members server.

Does resetting the KRBTGT have any impact on the old server and workstation?

Thanks you very much!

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Thameur-BOURBITA 36,266 Reputation points Moderator
    2023-01-09T20:49:40.853+00:00

    Hi,

    Does resetting the KRBTGT have any impact on the old server and workstation?

    You can perform the reset of KRBTGT password without any issue on old and new server and workstation, if you respect the following recommendations:

    • Before reset the KRBTGT password , you should check the replication and health status of all your domain controllers to ensure the replication of new password on all domain controllers in your domain.
    • The KRBTGT password should be reset twice, witha delay of 10 hours but I recommend you to wait one week at least before the second reset.
      I think one week is sufficient to ensure that the first reset is well replicated on all domain controllers without any impact on your production environment.

    KRBTGT Reset

    Please don't forget to mark helpful reply as answer

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.