The Trust Relationship Between this Workstation and the Primary Domain Failed
It can be confusing when you go to log into a computer on your domain and you’re suddenly confronted with the message:

The trust relationship between this workstation and the primary domain failed.

Why would you get this message? Typically it happens when the computer you’re trying to log into has had its Active Directory account deleted (generally by accident). The computer account on the Active Directory server has a special key that is generated for authentication, and it can’t be recovered if you’re not running a later version of Active Directory with undelete functions turned on.
Unjoin and Rejoin the Domain?
Administrators can get a bit worried when this happens because the usual solution is to unjoin the computer from the domain and then rejoin it. This can force users to create new profiles and cause other problems that are, at a minimum, annoying. Thankfully, I can tell you NO, don’t unjoin and rejoin the domain!
PowerShell is your Friend
Yes, as odd as it has been, Microsoft has seen the light of the command line world and given us PowerShell. If you’re running PowerShell v3 or later, you can fix a missing computer account in Active Directory very simply. Just do the following:
- Make sure that you have PowerShell v3 installed. If you’re running Windows 7, like this computer was, you’ll need to do 2 steps to upgrade to PowerShell 3. Follow the steps in the section titled “Installing Windows PowerShell on Windows 7 and Windows Server 2008 R2”. If you have problems with this, feel free to leave a comment and I’ll do my best to help.
- Create the computer account in Active Directory. If the Active Directory computer account exists already, you can skip this step.
- After you have PowerShell 3 installed, run the following command on your untrusted computer:
    $PSCredential = Get-Credential
    Reset-ComputerMachinePassword -Server <DomainControllerName> -Credential $PSCredential
Once you enter your credentials and the command has completed, your computer should once again be connected to Active Directory and able to authenticate. That’s it! As usual, leave a comment if it helped you.
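
The steps above as one script, with a secure channel check before and after the reset so you can confirm the repair worked. This is an added example, not code from the original post: it uses the built-in Test-ComputerSecureChannel cmdlet, the $DomainController parameter and Test-Channel helper names are assumptions, and it assumes an elevated session under a local administrator account.

```powershell
#requires -Version 3.0
# Added example (not from the original post). Run elevated on the affected computer.
param(
    # Assumed parameter name; pass the value you would use for <DomainControllerName>
    [Parameter(Mandatory = $true)]
    [string]$DomainController
)

# Helper (hypothetical name): returns $true when the machine's secure channel
# to the domain is healthy, $false when it is broken or cannot be checked.
function Test-Channel {
    try {
        Test-ComputerSecureChannel -Server $DomainController -ErrorAction Stop
    }
    catch {
        Write-Warning "Secure channel check failed: $($_.Exception.Message)"
        $false
    }
}

# 1. Check first: if the trust is intact, leave the machine password alone
if (Test-Channel) {
    Write-Output "Secure channel to $DomainController is healthy; no reset needed."
    return
}

# 2. Prompt for a domain account allowed to reset this computer's password
$PSCredential = Get-Credential -Message 'Domain account with rights to reset the computer account'

# 3. Reset the machine account password against the named domain controller
try {
    Reset-ComputerMachinePassword -Server $DomainController -Credential $PSCredential -ErrorAction Stop
}
catch {
    Write-Error "Reset failed: $($_.Exception.Message). Confirm the computer account exists in Active Directory."
    return
}

# 4. Verify the result instead of assuming the reset worked
if (Test-Channel) {
    Write-Output "Trust relationship repaired against $DomainController."
}
else {
    Write-Error "Secure channel is still broken after the reset."
}
```

If the final check still fails, confirm the computer account exists in Active Directory before running the script again.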