06: How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller? - PolicyPak

Home > 110: All Things Licensing > Knowledge Base > 08: Licensing Troubleshooting and Un-Licensing: Active Directory (GPO and SCCM) > 06: How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller?

06: How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller?

PPWeb Team

Apr 29, 2021

3864

You can use PPUPDATE to show the current domain joined status.

Here’s an example of PPUPDATE command showing a correctly joined on-prem Active Directory joined machine:

When Not domain joined:

When the secure channel has been broken and need to be re-established:

Remediation for a broken secure channel / non-domain joined machine

Overview from Microsoft: https://support.microsoft.com/en-us/topic/resetting-computer-accounts-in-windows-762e3208-0e05-1696-75fa-333d90717d1e

To attempt to reset the secure channel on a specific PC.. make sure you have network connectivity to a Domain Controller.

Open PowerShell As Administrator

Test-ComputerSecureChannel -Verbose

If False then run:

Test-ComputerSecureChannel -Repair -Server PDCEmulatorName -Verbose

If repaired you will see message, if it fails then try adding a credential

Test-ComputerSecureChannel -Repair -Server PDCEmulatorName -Credential Domain\UserName -Verbose

Alternate steps: https://mcpmag.com/articles/2015/03/05/rejoin-a-computer-from-a-domain.aspx

Feedback

0 out of 0 found this helpful

Need additional information

Hard to understand

Inaccurate/irrelevant content

Missing/broken link