Reset Computer Account Trust Relationship

There are a number of reasons due to which the trust relationship between a Domain Controller and a Domain member can be broken. Don’t worry there always a solution exists for every problem (at least for most of the problems). If it happens to your network, you can reset Computer Account Trust Relationship between the server and workstation. In this post, we will explain how to reset trust relationship in Windows Server 2016 Active Directory.

First, understand the topology we are going to use to demonstrate the step by step guide to fix the trust relationship issue. We have a Domain Controller named DC1 that runs Windows Server 2016 (TP) and we have a domain member that runs Windows 8.1/10. First, we will try to break the trust relationship between the domain controller and domain member and then we will fix this issue.

Also read: Top new features of Windows Server 2016 (TP5)

Important: Since Windows Server 2016 is still in the Technical Preview state, it is not recommended to use in the production environment. We use it only for the testing and learning purposes. If there will be any changes in the official version of Windows Server 2016, we will try to update the articles accordingly.

Steps to Reset Computer Account Trust Relationship

In order to Reset Computer Account Trust Relationship in Windows Server 2016 Active Directory, you need to perform the following steps:

  1. On your Domain Controller, open the Active Directory Users and Computers console (dsa.msc).
  2. On the Active Directory Users and Computers console, expand your domain name and select the Computers container.
  3. In the right pane, select and right-click your domain member of which the trust relationship is broken. Select Reset Account. When the Active Directory Domain Services message appears, click Yes and the click OK.Reset Computer Account Trust Relationship

Test the effect of the broken computer account’s trust relationship

To test what happens when the trust relationship breaks, try to sign in to your domain member using a domain user account. The following message should be displayed:

The trust relationship between this workstation and the primary domain failed.


Fix the Broken Trust Relationship

  1. To fix this issue, sign in to your domain machine using the local administrator account. Open the System Properties settings and select Network ID.
  2. On the Join a Domain or Workgroup window, ensure that the business network option is selected before clicking Next.Reset Computer Account Trust Relationship in Active Directory
  3. Follow the on-screen instructions in next pages and navigate to the Type your user name, password, and domain name for your domain account page. Here, you need to provide appropriate administrator credentials & your domain name information. Click Next to continue.Provide Domain Information
  4. On the User Account and Domain Information message box, click Yes. On the Do you want to enable a domain user account on this computer? page, select the Do not add a domain user account radio button. Click Next and finish the wizard.
  5. You will be asked to restart your system, so you know what should you do? Once the system is restarted, sign in to your domain member using your domain user account. Now, you should be able to sign in successfully. Please drop your queries  in comment box if you face any problems. We will try to catch you soon. 

In this post, we have explained how to reset computer account trust relationship between the Domain controller and Domain member in Windows Server 2016 Active Directory-based domain network. Hope, you loved it. Let others to enjoying it by just sharing the article with your friends.

Posted in Windows Server 2016 Tagged with: ,