Lab Computers and Losing Trust Relationships with the Domain

It is very common for people that use labs to have times where a computer loses its trust relationship with the domain. For example, if you restore the computer from backup or if you perform a restore from a snapshot in a virtualization environment, you will likely run into this problem.

For me, there are times when I need to roll-back a server to a previous snap-shot because I decided to experiment on it. Of course, before I start my experiment (otherwise known as a test of a wild idea), I take a snapshot. When my test fails (usually it is a horrible result), I need to restore from my previous snap-shot.

The issue is this: If during the time from my snap-shot to the time that I need to restore it, there is a possibility that the domain controller reset the computer account password. When I restore the computer, it no longer has the valid computer account password so it is not able to properly join the domain. I can re-join it to the domain, but it becomes a bit of a pain the rear, and I don’t want to do that on a regular basis.

So, what I do in my lab environment is to configure my domain controllers so that they do not reset the computer account passwords. This way, when I restore an older snap-shot or image, it will still properly join the domain. To configure the domain controllers, you need to use the registry editor and perform the following steps:

  1. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  2. Create a new REG_DWORD value named RefusePasswordChange  and set it to 1

If you do a search on the Internet for RefusePasswordChange you will find several articles that explain this simple process. However, you may not have known that it existed.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

2 Responses to Lab Computers and Losing Trust Relationships with the Domain

  1. daveberm says:

    I just lost trust relationship yet once again while restoring from a snapshot. This cetainly will come in handy! Thanks Russ!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s