Reset-ComputerMachinePassword in PowerShell

You can reset the machine account password for the computer using Reset-ComputerMachinePassword cmdlet in PowerShell. You can fix the trust relationship between the workstation and active directory domain using the Reset-ComputerMachinePassword cmdlet.

Reset-ComputerMachinePassword cmdlet is used to change the computer account password for the local computer or local computer by using a domain controller.

In this article, I will explain how to use the Reset-ComputerMachinePassword cmdlet in PowerShell to reset local computer account password, reset the password on the remote computer and fix the trust relationship between this workstation and the primary domain.

Reset-ComputerMachinePassword Cmdlet

You can use Reset-ComputerMachinePassword cmdlet in PowerShell to reset the computer password for the local computer or remote computer in the domain.

Syntax:

Reset-ComputerMachinePassword
     [-Server <String>]
     [-Credential <PSCredential>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]

Parameters:

Server: This parameter is optional. It specifies the domain controller name when the command changes the computer account password.

Credentials: It specifies a user account that has permission to execute the command. Default is the current user.

Reset-ComputerMachinePassword cmdlet doesn’t have any input pipe to it and doesn’t generate any output on successful execution.

Let’s understand Reset-ComputerMachinePassword cmdlet with examples to reset the computer for the local computer, reset the password on a remote computer, fix the trust relationship between workstation and primary domain.

Reset-ComputerMachinePassword – Reset local computer account password

You can use Reset-ComputerMachinePassword cmdlet in PowerShell to reset the computer account password for the local computer.

Reset-ComputerMachinePassword

The above cmdlet in PowerShell runs with current user credentials.

Reset local Computer Account Password

You can use Reset-ComputerMachinePassword to reset the remote computer password using the domain controller name below

Reset-ComputerMachinePassword -Server "EU-S01" -Credential Domain01\ShellAdmin

In the above command, it reset the local computer account password by using the domain controller name EU-S01.

It uses Credentials parameter to specify ShellAdmin user who has permissions to reset local computer account password in the domain.

Reset Remote Machine Account Password

To reset the remote machine account password in the domain, you need to use Invoke-Command cmdlet to run Reset-ComputerMachinePassword.

Invoke-Command -ComputerName "incorp-EU-101" -ScriptBlock {Reset-ComputerMachinePassword -Credential Domain01\ShellAdmin}

In the above PowerShell script, it reset remote computer machine password specified by the ComputerName parameter.

It uses Credentials parameter to specify ShellAdmin user who has permissions to reset remote computer password in the domain.

Cool Tip: Using Get-ADObject to find active directory objects in PowerShell!

Fix Trust Relationship between WorkStation and Primary Domain

Sometimes, when the user tries to login into a computer in the domain using domain credentials, it gives error as below

The trust relationship between this workstation and the primary domain failed.

There are many ways to repair the relationship between workstation and the primary domain as below

  • Reset the computer account in Active Directory
  • Rejoin the computer to the domain
  • Reboot

The best way to fix the trust relationship between the workstation and the primary domain failed issue is to use Reset-ComputerMachinePassword cmdlet in PowerShell. You can also use ADUC (Active Directory Users and Computers) console snap-in to reset the computer.

Reset-ComputerMachinePassword  -Server "EU-S2" -Credential Domain01\ShellAdmin

In the above command, Reset-ComputerMachinePassword cmdlet reset the computer password for the local computer by using the domain controller name and using user who has permissions to reset password for the computer in the domain.

Reboot the computer and try to log in to the computer account using domain credentials.

Conclusion

I hope the above article on Reset-ComputerMachinePassword cmdlet in PowerShell is helpful to reset the password for the local computer account, reset the password for the remote computer account in the the domain.

Reset-ComputerMachinePassword cmdlet is very much helpful to repair the trust relationship between workstation and primary domain issue.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on ShellGeek home page.

Leave a Comment