Nope tried that and it was no cigar or beer. At least for a DC anyway. I never tired it on anything else above 2000 either so you may get lucky and they fixed it in 2003.
Nice timing Martin! I am about to test a solution and need to isolate a DC for a week and may need this information. Jon On Fri, Sep 5, 2008 at 8:42 PM, Klint Price - ArizonaITPro < [EMAIL PROTECTED]> wrote: > Can't you just right-click on the machine in ADUC and select "reset > account"? > > Klint > > > > > Martin Blackstone wrote: > > Thanks Michael. > > > > *From:* Michael B. Smith [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>] > > *Sent:* Friday, September 05, 2008 1:54 PM > *To:* NT System Admin Issues > *Subject:* RE: Domain Offline More than 2 Months > > > > <lecture mode on> > > When a Windows computer joins a domain, it establishes a *secure channel*with > the directory service (be it the NT directory or Active Directory). > This secure channel is used to pass information, using a specific > cryptographic method, between the Windows computer and a domain controller > (or between domain controllers in different domains). In Windows NT, the > cryptographic method was based on NTLM. In Windows 2000 and above, it is > based on Kerberos. > > > > By default, and behind the scenes, Windows automatically changes the > password it uses to establish this secure channel every 7 – 30 days (another > value that has changed over the years). Within that lifetime times 2, a > machine is allowed to automatically resync to a new password. Outside of > that, the secure channel must be reset. > > > > The standard way of resetting a secure channel is to remove the Windows > computer from the domain and then rejoin it. However, there are two tools > that can do it as well. They are nltest.exe and netdom.exe. > > </lecture mode off> > > > > http://support.microsoft.com/default.aspx/kb/260575/EN-US/ for netdom and > > > > http://support.microsoft.com/kb/181171 for nltest. > > > > Regards, > > > > Michael B. Smith > > MCITP:SA,EMA/MCSE/Exchange MVP > > http://TheEssentialExchange.com <http://theessentialexchange.com/> > > > > *From:* Martin Blackstone [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>] > > *Sent:* Friday, September 05, 2008 4:40 PM > *To:* NT System Admin Issues > *Subject:* RE: Domain Offline More than 2 Months > > > > Thanks Michael, > > Can you elaborate a bit more on that? > > > > *From:* Michael B. Smith [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>] > > *Sent:* Friday, September 05, 2008 1:33 PM > *To:* NT System Admin Issues > *Subject:* RE: Domain Offline More than 2 Months > > > > Seems to me that if you have a single DC that holds all the FSMO roles, > that one should still be able to log in. > > > > Then you could reset the secure channels for each computer using nltest or > netdom. > > > > Regards, > > > > Michael B. Smith > > MCITP:SA,EMA/MCSE/Exchange MVP > > http://TheEssentialExchange.com <http://theessentialexchange.com/> > > > > *From:* Martin Blackstone [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>] > > *Sent:* Friday, September 05, 2008 4:28 PM > *To:* NT System Admin Issues > *Subject:* Domain Offline More than 2 Months > > > > So we talked about this a while back and today I got a call from someone > who has a lab network that has been off at least two months (I swear it's > not me!). As you can imagine nothing works now. > > Before I tell him he is SOL, is there any magic bullet for this? > > > > *From:* Michael B. Smith [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>] > > *Sent:* Tuesday, August 12, 2008 3:45 PM > *To:* NT System Admin Issues > *Subject:* RE: DC Offline > > > > The default tombstone lifetime is 60 days. Unless you changed it (not > advisable) it is either that, or higher (don't ask – there was a bug that > made it 180 for awhile). > > > > Regards, > > > > Michael B. Smith > > MCITP:SA,EMA/MCSE/Exchange MVP > > http://TheEssentialExchange.com <http://theessentialexchange.com/> > > > > *From:* Martin Blackstone [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>] > > *Sent:* Tuesday, August 12, 2008 6:37 PM > *To:* NT System Admin Issues > *Subject:* DC Offline > > > > I know we have discussed this before, but I probably didn't pay attention > and now I need to know. > > How long can a DC remain offline before it goes sour? I have a need to > build a small network then ship it off somewhere. It may end up staying in > the crate for a few days as well, so let's say it could be off for a week. > > It would be a standalone domain and this would be the only DC for it. > > Its demo stuff…. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
