trust relationship between workstation and primary domain failed
Using a VB script from the Microsoft Hey Scripting Guy site to add a domain user to a local administrators group:
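' "." refers to the local computer
strComputer = "."
' Bind to the local Administrators group and to the domain account to add
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://adminsys/XTeam-wksadm")
' From here on, errors are recorded in Err instead of stopping the script
On Error Resume Next
Err.Clear
' Add the domain account to the local group
objGroup.Add(objUser.ADsPath)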
Doing this in a Windows XP Service Pack 3 environment. It works some but not all the time. On occasion I get the message "The trust relationship between this workstation and the primary domain failed."
Reading about this error online, people have said they've removed the PC from the domain then rejoined the domain, and that solves the issue.
However, all I've had to do is reboot the PC and rerun the script and it works.
I'd like to build in some error handling to the script, but am not quite sure of the underlying cause for the error. At first I suspected the registry key HKLM\System\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations, but that key has been populated with a value in only some of the instances.
So while a reboot solves the issue, I don't know WHY it solves the issue, and I'm not sure what I should add to my error handling code.
Has anyone else encountered this?
Answers (1)
Posted by:
anonymous_9363
13 years ago
I suspect it's related to machine account password-aging.
If the machine and domain haven't "agreed" to a password change for the machine's account (this normally happens if a machine has been disconnected from the domain longer than the specified number of days), AD effectively removes that machine from the domain. You can interrogate that directly in AD: the account has a property 'pwdLastSet'.
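One way to build the error handling the question asks for, as an added example that is not part of the original thread: it recognises the trust failure by its HRESULT and, following the answer above, reports the computer account's pwdLastSet. The constants are the HRESULT forms of Win32 errors 1789 and 1378; the function name LocalMachinePwdLastSet is hypothetical, and the LDAP lookup is assumed to be possible from the machine (it may fail while the trust is broken).

```vbscript
Option Explicit
' Added example, not the original poster's script.
Const E_TRUST_FAILED   = &H800706FD ' Win32 1789: trust relationship failed
Const E_ALREADY_MEMBER = &H80070562 ' Win32 1378: account is already in the group

Dim objGroup, objUser, lngErr, strErr, dtmPwd

On Error Resume Next
Set objGroup = GetObject("WinNT://./Administrators")
Set objUser = GetObject("WinNT://adminsys/XTeam-wksadm")
If Err.Number = 0 Then objGroup.Add objUser.ADsPath
lngErr = Err.Number : strErr = Err.Description   ' capture before Err is reset
On Error GoTo 0

Select Case lngErr
  Case 0
    WScript.Echo "Account added to local Administrators."
  Case E_ALREADY_MEMBER
    WScript.Echo "Account is already a member; nothing to do."
  Case E_TRUST_FAILED
    WScript.Echo "Trust relationship failed (Win32 1789); group not changed."
    dtmPwd = LocalMachinePwdLastSet()
    If IsNull(dtmPwd) Then
      WScript.Echo "pwdLastSet not readable from here; check the computer account in AD."
    Else
      WScript.Echo "Computer account pwdLastSet (UTC): " & dtmPwd
    End If
    WScript.Quit 1789   ' distinct exit code so a wrapper can retry after a reboot
  Case Else
    WScript.Echo "Failed: 0x" & Hex(lngErr) & " " & strErr
    WScript.Quit 1
End Select

' Returns the local computer account's pwdLastSet as a date (UTC), or Null.
' Hypothetical helper; assumes the LDAP bind succeeds from this machine.
Function LocalMachinePwdLastSet()
  Dim objSys, objComputer, objLI, lngHigh, lngLow
  LocalMachinePwdLastSet = Null
  On Error Resume Next
  Set objSys = CreateObject("ADSystemInfo")                  ' ComputerName = own DN
  Set objComputer = GetObject("LDAP://" & objSys.ComputerName)
  Set objLI = objComputer.Get("pwdLastSet")                  ' 64-bit value in two halves
  If Err.Number <> 0 Then Exit Function
  lngHigh = objLI.HighPart : lngLow = objLI.LowPart
  If lngLow < 0 Then lngHigh = lngHigh + 1                   ' LowPart is signed
  ' 100-ns ticks since 1601-01-01 -> minutes -> days
  LocalMachinePwdLastSet = #1/1/1601# + ((lngHigh * 2^32 + lngLow) / 600000000) / 1440
End Function
```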