Fix trust relationship at sites with smart card restrictions

So I know there are lots of articles out there which tell you  how to fix the trust relationship between a machine and AD. However, in sites where smart cart authentication is enforced for admin accounts, it is very difficult to do that easily. I tried many methods and this is the one which works quickest for me:

This assumes that you have two accounts. one admin and one non admin.

  1. Delete AD computer account of that machine
  2. Add AD account for the machine, let your non admin account be able add machine to domain
  3. Go to the machine and on an “administrative command  prompt” type this command:
  4. netdom resetpwd /s:domain-controller-name /ud:non-admin account /pd:*
  5. You will be prompted for a password. Type the non admin account’s password
  6. Reboot (not strictly needed)
  7. Done!

This is just one way of many other ways to do this.

Find account’s disable date and more in AD

First of all, please note that  there is no disabled time stamp attribute in AD.

Having said that, here are some tips to find when an account was disabled in Active directory:

You can use ADSIedit to look at an account’s properties. Scroll all the way down and look at the Attribute called “whenChanged”. This will tell you when the account was disabled.

Continue reading “Find account’s disable date and more in AD”