Trust Relationship Error

scottalanmiller

@momurda said in Trust Relationship Error:

You can simply unplug the Ethernet cable, reboot and login with the domain admin login. It then cant check the domain on reboot and should let you in. You can then fix the time, remove it, make a local admin user, reboot, rejoin to domain. done this many times in the past, if I am understanding you.

I got the impression that he doesn't have any admin passwords.

momurda

@scottalanmiller @Lakshmana
Ah, if that is the case then there is an option to use the NT Offline PW reset bootable iso and change the local administrator pw or blank it. You can then login as the local administrator, and remove the pc from the domain using that account.
That would then require the object to be deleted from AD manually some time in the future. the pc would then also need to be renamed as well I think if you wanted to rejoin it.

JaredBusch

@momurda @scottalanmiller

If he has no admin password access at all then there is no point in doing anything because even a clean install will require a domain admin password to join the system to the domain.

Dashrender

@momurda said in Trust Relationship Error:

You can simply unplug the Ethernet cable, reboot and login with the domain admin login. It then cant check the domain on reboot and should let you in. You can then fix the time, remove it, make a local admin user, reboot, rejoin to domain. done this many times in the past, if I am understanding you.

This only works if a domain admin has logged into the PC in the past - i.e. uses Cached Credentials.

Dashrender

@scottalanmiller said in Trust Relationship Error:

@momurda said in Trust Relationship Error:

You can simply unplug the Ethernet cable, reboot and login with the domain admin login. It then cant check the domain on reboot and should let you in. You can then fix the time, remove it, make a local admin user, reboot, rejoin to domain. done this many times in the past, if I am understanding you.

I got the impression that he doesn't have any admin passwords.

The impression I got was that he doesn't have either a local admin password or a cached domain admin (of course, he might have a cached domain admin, but if he didn't unplug the ethernet, then it would deny him because of the lack of account trust).

Dashrender

@momurda said in Trust Relationship Error:

@scottalanmiller @Lakshmana
Ah, if that is the case then there is an option to use the NT Offline PW reset bootable iso and change the local administrator pw or blank it. You can then login as the local administrator, and remove the pc from the domain using that account.
That would then require the object to be deleted from AD manually some time in the future. the pc would then also need to be renamed as well I think if you wanted to rejoin it.

Assuming JB's assertion is wrong, and they really do know the domain admin username/password, but they don't have a working local admin password - this solution will work for resetting the local admin, which then can then use as indicated.