How to Get That Old Laptop Back On The Domain

 

 

 

Occasionally, an old machine dies.  It is always a surprise to the client that a six-year-old laptop running Windows 7 can die, but, sadly, as we technigenarians know, tragedy can strike the computer world at any time.  The fatal flaws in SSL 3.  Speculative-execution vulnerabilities in every modern processor.  The soap opera that is Java.  We have seen behind technology’s shimmery curtain and it is ugly backstage.

 

Clients, though, expect their soft and hard gear to last sometime beyond forever, so they save their Office95 licenses, their replaced Pentium workstations, their 12-pound laptops.  Then, when one of their Old Production Machines topples over, what do they do?  They dig out the Even Older Production Machine that has been sitting in a closet for a year, plug it in and naively expect it to just hop up and go.  Never mind that it will take three hours just to finish running Windows updates.  Ignore the time required for updating 3PAs (Third-Party Apps), ’cause Flash hasn’t changed much, right?

 

But what about getting WOR-CREAKY back on the Domain again?  Since it has been way more than 30 days (the policy default), the machine password has aged out, and without some help the machine will not reconnect to the domain or let current domain credentials log in.  Wouldn’t it be nice to not have to go through the usual join-to-workgroup-reboot-join-to-domain-reboot? Enter one handy PowerShell command – Reset-ComputerMachinePassword.

 

The Reset-ComputerMachinePassword cmdlet is run from ol’ CREAKY through an Administrative PowerShell session.  This means being logged onto the machine using a local Administrator account.  If you are using some sort of Remote Machine Management tool that gives you admin rights to run commands, then you can use that. If not, then you will have to use a local admin user that was already set up on the machine before it was mothballed. If that is the case and you no longer have its password, you will have to do some sort of password recovery on the machine. You will have to look elsewhere to get that done.

 

Once you have logged in and started PowerShell as Administrator, run the command with a couple of parameters.  Reset the password for the local computer, specifying a particular domain controller and a domain account:

 

Reset-ComputerMachinePassword -Server "DC01" -Credential CLIENTDOMAIN\JoeBobUser

 

That’s it.  If you can think of something to add, please let us know.
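
As an added example (not part of the original post), the same reset can be wrapped with a before-and-after check of the secure channel using Test-ComputerSecureChannel, so you know whether the reset was needed and whether it worked. DC01 and CLIENTDOMAIN\JoeBobUser are the post's sample values; the variable names are this example's own.

```powershell
#Requires -Version 3.0
# Added example. The -Credential parameter of Reset-ComputerMachinePassword needs
# Windows PowerShell 3.0 or later; a stock Windows 7 install ships 2.0, so update
# Windows Management Framework first if this script refuses to start.

$DomainController = 'DC01'                     # sample value from the post
$DomainAccount    = 'CLIENTDOMAIN\JoeBobUser'  # sample value from the post

# Stop early if the session is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Test-ComputerSecureChannel returns $true when the machine account password
# stored locally still matches the one the domain holds for this computer.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Output 'Secure channel is healthy; no reset needed.'
    return
}

# Prompt once for the domain account's password; it is never written to disk.
$cred = Get-Credential -Credential $DomainAccount

Write-Output "Secure channel is broken; resetting the machine password against $DomainController."
Reset-ComputerMachinePassword -Server $DomainController -Credential $cred -ErrorAction Stop

# Confirm the repair before handing the laptop back.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Output 'Secure channel restored. Domain logons should work again.'
} else {
    Write-Warning 'Secure channel is still failing. Check DNS, the system clock, and that the computer account exists and is enabled in AD.'
}
```

Use a domain account that is allowed to reset this computer's account rather than a Domain Admin where possible, since the credential is being typed into a machine that has sat unpatched in a closet.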

 

References:

 

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age