Reset-ComputerMachinePassword

Reset-ComputerMachinePassword – A Handy Tool for Machine Account Troubles

Welcome back to Wahmans PowerShell Blog! Today, we’re diving into a lesser-known but incredibly useful cmdlet: Reset-ComputerMachinePassword. This PowerShell cmdlet is a go-to solution when your computer’s trust relationship with a domain has been broken. What it does is simple yet powerful—it resets the Local Machine Account password and re-establishes secure communication with the domain.

Why Use Reset-ComputerMachinePassword?

In a domain environment, each computer has its own hidden account in Active Directory. This account has a password that automatically changes approximately every 30 days. Issues can occur when the machine and the domain fall out of sync, for example when a VM snapshot is restored (bringing back a machine password older than the one Active Directory holds) or when time lapses due to network configurations. This is where Reset-ComputerMachinePassword comes to the rescue.

Syntax

Reset-ComputerMachinePassword [-Credential <PSCredential>] [-Server <String>]

Let’s Explore This Cmdlet with 4 Examples!

Example 1: Basic Reset Using Current Credentials

If you’re logged in with a domain administrator account, you can simply run:

Reset-ComputerMachinePassword

This command resets the machine account password using the current credentials and contacts a domain controller chosen by the system.

Example 2: Using Alternate Credentials

Let’s say your current session is not running as a domain admin, but you have the credentials for one:

$cred = Get-Credential
Reset-ComputerMachinePassword -Credential $cred

This allows you to pass in the proper admin credentials securely via the credentials prompt.

Example 3: Specify a Domain Controller

In large environments with multiple domain controllers, you might want to reset against a specific DC:

$cred = Get-Credential
Reset-ComputerMachinePassword -Credential $cred -Server 'DC01.domain.local'

This is useful if you know a particular domain controller is authoritative or closest to your network location.

Example 4: Automate Trust Repair via Script

For advanced use, you can create a script to automate password resets on remote machines (requires remoting and credentials):

$servers = @('SERVER01', 'SERVER02')
$cred = Get-Credential

foreach ($srv in $servers) {
    Invoke-Command -ComputerName $srv -ScriptBlock {
        Reset-ComputerMachinePassword -Credential $using:cred
    }
}

This script resets the trust relationship for multiple servers remotely using PowerShell remoting.
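An added example, not part of the original post: a variant of the Example 4 loop that checks the secure channel with Test-ComputerSecureChannel first, resets only where the check fails, and reports the state before and after for each server. The server names are the post's placeholders, and the remote endpoints are assumed to be Windows PowerShell 5.1, where both cmdlets are available.

```powershell
# Added example: verify the secure channel before and after the reset.
# SERVER01/SERVER02 are the placeholder names used in the post.
$servers = @('SERVER01', 'SERVER02')
$cred    = Get-Credential -Message 'Account allowed to reset the computer accounts'

$results = foreach ($srv in $servers) {
    try {
        Invoke-Command -ComputerName $srv -ErrorAction Stop -ScriptBlock {
            # Test-ComputerSecureChannel returns $true when the channel to the domain is healthy.
            $before = Test-ComputerSecureChannel
            $reset  = $false
            $err    = $null
            if (-not $before) {
                try {
                    Reset-ComputerMachinePassword -Credential $using:cred -ErrorAction Stop
                    $reset = $true
                } catch {
                    $err = $_.Exception.Message
                }
            }
            # One record per server, so the run leaves an auditable result.
            [pscustomobject]@{
                Computer      = $env:COMPUTERNAME
                HealthyBefore = $before
                ResetRun      = $reset
                HealthyAfter  = Test-ComputerSecureChannel
                Error         = $err
            }
        }
    } catch {
        # Remoting itself failed (host unreachable, authentication refused, WinRM disabled).
        [pscustomobject]@{
            Computer      = $srv
            HealthyBefore = $null
            ResetRun      = $false
            HealthyAfter  = $null
            Error         = $_.Exception.Message
        }
    }
}

$results | Select-Object Computer, HealthyBefore, ResetRun, HealthyAfter, Error | Format-Table -AutoSize
```

A server that cannot be reached over remoting appears in the table with the connection error instead of being skipped silently.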

Wrap-Up

Whether you’re fixing trust issues for one machine or automating it across your environment, Reset-ComputerMachinePassword is a solid cmdlet to have in your PowerShell toolbox.

Happy scripting, and I will see you in the next post!
