Fix Broken trust relationship without local admin account password

create share 656 Reputation points
2023-05-15T05:09:40.97+00:00

Hi,

Is it possible to fix a broken trust relationship between a PC and a domain if the local administrator password is also lost on the PC? The user can only log in using his domain user account after disconnecting the network.

Thanks.

Active Directory

4 answers

  1. dejanforo 5 Reputation points
    2023-09-13T12:16:36.4333333+00:00

    Yes it is possible.

    If you were, at any time in the past, logged on to that machine as domain admin, your credentials are cached locally. And in case you do not have the local admin password, you can use the following simple trick to force the login with cached domain credentials although there is no trusted connection to the domain.

    1. disconnect the machine from the network
      1. if this is a physical machine, simply unplug the cable
      2. if it is a VMware virtual machine, simply disconnect the network adapter for that virtual machine in vCenter (DO NOT remove the network adapter, just disconnect)
    2. log in with the domain admin credentials
    3. reconnect the machine to the network
    4. run the following command from Windows PowerShell:

    Reset-ComputerMachinePassword

    Kind regards,

    Dejan Foro
    dejan.foro@exchangemaster.ch

    1 person found this answer helpful.
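
One way to check the result of the steps in the answer above, as an added example that is not part of the original answer: it tests the machine's secure channel with `Test-ComputerSecureChannel` before and after running `Reset-ComputerMachinePassword` with explicit credentials. The domain controller name `dc01.example.test` is a placeholder assumption, not a value from this thread.

```powershell
# Added example. Run in an elevated Windows PowerShell 5.1 session
# after the machine has been reconnected to the network (step 3).
# 'dc01.example.test' is a placeholder domain controller name (assumption).
$dc = 'dc01.example.test'

# Domain account that is allowed to reset this computer account's password.
$cred = Get-Credential -Message 'Domain account allowed to reset the computer account'

# Test-ComputerSecureChannel returns $true when the trust with the domain is intact.
if (Test-ComputerSecureChannel -Server $dc) {
    Write-Output 'Secure channel is healthy; no reset needed.'
    return
}

try {
    # Sets a new machine account password on the domain controller and locally.
    Reset-ComputerMachinePassword -Server $dc -Credential $cred -ErrorAction Stop
}
catch {
    Write-Error "Machine password reset failed: $($_.Exception.Message)"
    return
}

# Confirm the fix instead of assuming it worked.
if (Test-ComputerSecureChannel -Server $dc) {
    Write-Output 'Trust relationship restored.'
}
else {
    Write-Warning 'Secure channel is still broken; check DNS, time sync and that the computer account exists and is enabled.'
}
```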

  2. Amal Perera 20 Reputation points
    2023-05-15T05:21:15.8433333+00:00

    There are ways to recover the admin password. Use one of these to recover the admin password and remove and re-add to the domain.


  3. James Farrow-Couldrey 0 Reputation points
    2023-06-01T12:45:37.99+00:00

    Hi there,

    The easiest way to fix this is to remove and re-add the machine to the domain.

    If the user that is able to log in off the domain network is an admin, you can reset the local admin password this way, or simply create a new local admin.

    If not, you would need to either have remote access software with some admin rights to run a cmd prompt to run the net user command to reset the password.

    Failing this, you could always back up the required data, reimage the laptop and start again.

    Kind Regards,


  4. James Farrow-Couldrey 0 Reputation points
    2023-06-01T12:48:03.6233333+00:00

    Failing that, if you have access to a CD drive, there is a Win10 administrative disk that allows you to go in and reset/create accounts on the system.
