I have a 2008 functional level domain in a 2003 functional level forest, with DCs running Server 2008 and 2008 R2.
A number of member servers & computers are virtual machines. Sometimes these get rolled back to prior snapshots and sometimes this breaks trust. Usually I am able to resolve this easily in this manner:
- Disconnect the network;
- Log in as the domain admin, which works using cached credentials;
- Reconnect the network;
- Run `netdom resetpwd /server:<DC-name> /userd:<dom>\<dom-admin> /passwordd:*`
I've had no trouble doing this with more recent Windows versions, but I'm finding this doesn't work on a Server 2003 R2 member server. Instead it just gives me this error:
    The machine account password for the local machine could not be reset
    The specified domain either does not exist or could not be contacted
I'm not sure if I'm doing something wrong or if it's even possible in 2003 R2.
I also tried resetting the machine account via AD Users & Computers but it seemed to have no effect.
The DCs can be pinged fine from the server, and the domain is fine otherwise. I've also tried `net use`ing the IPC$ share on a DC and that works, too. Their NETLOGON and SYSVOL also show up in `net view`. The member worked fine prior to rolling back. In fact, not much has changed, other than the member machine account password.
The easiest and most expedient thing to do would be to unjoin then rejoin the domain.
You can also use netdom to reset the computer account. See Microsoft KB article 325850 for more details.
The basic command is