Fix Broken trust relationship without local admin account password

create share 646 Reputation points
2023-05-15T05:09:40.97+00:00

Hi,

Is it possible to fix a broken trust relationship between a PC and a domain if the local administrator password is also lost on the PC? The user can only log in using his domain user account after disconnecting the network.

Thanks.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,091 questions
0 comments No comments
{count} vote

4 answers

Sort by: Most helpful
  1. dejanforo 5 Reputation points
    2023-09-13T12:16:36.4333333+00:00

    Yes it is possible.

    If you were at any in the past, logged as domain admin onto that machine, your credentials are casched locally. And in case you do not have the local admin password, you can use the following a simple trick to force the login with cashed domain credentials although there is no trusted connection to the domain.

    1. disconnect the machine from network
      1. if this is a physical machine simply unplug the cable
        1. it it is a vmware virtual machine simply disconect the network adapter for that virutal machine in Vcenter (DO NOT remove the network adapter, just disconnect)
    2. log in with the domain admin credentials
    3. reconnect the machine to the network
    4. run the following command from Windows Powershell:

    Reset-ComputerMachinePassword

    Kind regards,

    Dejan Foro
    dejan.foro@exchangemaster.ch

    1 person found this answer helpful.
    0 comments No comments

  2. Amal Perera 20 Reputation points
    2023-05-15T05:21:15.8433333+00:00

    There are ways to recover the admin password. Use one of these to recover the admin password and remove and re-add to the domain.


  3. James Farrow-Couldrey 0 Reputation points
    2023-06-01T12:45:37.99+00:00

    Hi There,

    the easiest way to fix this is to remove and re-add the machine to the domain.

    If the user that is able to log in off the domain network is an admin, you can reset the local admin password this way, or simply create a new local admin.

    if not, you would need to either have remote access software with some admin rights to run a cmd prompt to run the netuser cmd to reset the password.

    failing this, you could always back up the required data and re image the laptop and start again.

    Kind Regards,

    0 comments No comments

  4. James Farrow-Couldrey 0 Reputation points
    2023-06-01T12:48:03.6233333+00:00

    failing that, if you have access to a cd drive - there is a win10 administrative disk that allows you to go in and reset/create accounts on the system.

    0 comments No comments