You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.

06: How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller?

You can use PPUPDATE to show the current domain joined status.

Here’s an example of PPUPDATE command showing a correctly joined on-prem Active Directory joined machine:

When Not domain joined:

When the secure channel has been broken and need to be re-established:

Remediation for a broken secure channel / non-domain joined machine

Overview from Microsoft:

To attempt to reset the secure channel on a specific PC.. make sure you have network connectivity to a Domain Controller.

  1. Open PowerShell As Administrator

    Test-ComputerSecureChannel -Verbose

    If False then run:

    Test-ComputerSecureChannel -Repair -Server PDCEmulatorName -Verbose

    If repaired you will see message, if it fails then try adding a credential

    Test-ComputerSecureChannel -Repair -Server PDCEmulatorName -Credential Domain\UserName -Verbose

    Alternate steps:

  • 1123
  • 29-Apr-2021