Workstation has lost the trust relationship with the domain
OK, here is a toughie.
I know that to rebuild the trust relationship you have to log on to the workstation as a local administrator and disjoin, then rejoin the domain.
My question is, is there a way to rebuild the trust relationship remotely? Does anyone have a script, utility, application or command that will rebuild a lost trust relationship?
Frequently (for us) the source of the problem behind "trust relationship" issues is that the machine account AD password is out of sync (the machine believes it to be one thing, the domain controller(s) believe it to be something else) and the machine is unable to authenticate to AD.
There's no need to disjoin first if the only thing that needs to change is the password. This can be fixed relatively easily by invoking the JoinDomainOrWorkGroup method of the Win32_ComputerSystem class.
The catch is that the process must be run from the machine you wish to (re)join to the domain (otherwise, the machine account password won't get updated).
It can be done easily enough in PowerShell. Something like this (adapted from this TechNet contribution) would suffice:
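# $Domain must hold the name of the domain to (re)join.
# 33 = 1 (join domain) + 32 (join even if the machine is already joined).
$CS = Get-WmiObject Win32_ComputerSystem
$CS.JoinDomainOrWorkgroup($Domain,'','',$null,33)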
That will join the machine to the domain using an existing machine account. You may have to specify a user and password, depending on how you get shell access to the remote machine.
Running it remotely does not have a one-size-fits-all solution. I usually use PSExec to get remote shell access and invoke the PowerShell command (using -EncodedCommand to negate the need for quoting).
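The approach described in the answer above, as an added example that is not part of the original answer: it builds the rejoin script, encodes it for -EncodedCommand, and checks the result that PsExec passes back. The domain and computer names are constructed placeholders, and it assumes psexec.exe is on the PATH and that the calling account has administrative access to the workstation.

```powershell
# Added example, not the answer author's code.
# Constructed placeholders: replace with the real domain and workstation.
$Domain   = 'corp.example.com'
$Computer = 'WKS-042'

# Script that must run ON the affected workstation. The single-quoted
# here-string keeps $cs/$r literal; -f fills in {0} with the domain name.
$Template = @'
$cs = Get-WmiObject Win32_ComputerSystem
$r  = $cs.JoinDomainOrWorkgroup('{0}', '', '', $null, 33)
exit ([int]$r.ReturnValue)
'@
$Script = $Template -f $Domain

# -EncodedCommand expects Base64 over the UTF-16LE bytes of the script,
# which is why no quoting or escaping survives into the command line.
$Bytes   = [Text.Encoding]::Unicode.GetBytes($Script)
$Encoded = [Convert]::ToBase64String($Bytes)

# Round-trip check: decoding must give back exactly the script.
$Decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Encoded))
if ($Decoded -ne $Script) { throw 'Encoded command does not round-trip.' }

# Run it on the workstation. PsExec returns the remote process's exit code,
# which the script sets to the method's ReturnValue (0 = success).
& psexec.exe "\\$Computer" powershell.exe -NoProfile -EncodedCommand $Encoded
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Rejoin on $Computer failed with return code $LASTEXITCODE."
} else {
    Write-Output "Rejoin on $Computer reported success."
}
```

-EncodedCommand is Base64, not encryption, so the script stays readable to anything that records process command lines; keep credentials out of it.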