
06: How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller?

You can use PPUPDATE to show the current domain joined status.

Here’s an example of the PPUPDATE command output on a machine that is correctly joined to an on-prem Active Directory domain:

When Not domain joined:

When the secure channel has been broken and needs to be re-established:

Remediation for a broken secure channel / non-domain joined machine

Overview from Microsoft: https://support.microsoft.com/en-us/topic/resetting-computer-accounts-in-windows-762e3208-0e05-1696-75fa-333d90717d1e

To attempt to reset the secure channel on a specific PC, first make sure it has network connectivity to a Domain Controller.

  1. Open PowerShell As Administrator

    Test-ComputerSecureChannel -Verbose

    If False then run:

    Test-ComputerSecureChannel -Repair -Server PDCEmulatorName -Verbose

    If the repair succeeds you will see a message; if it fails, try adding a credential:

    Test-ComputerSecureChannel -Repair -Server PDCEmulatorName -Credential Domain\UserName -Verbose

    Alternate steps: https://mcpmag.com/articles/2015/03/05/rejoin-a-computer-from-a-domain.aspx
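
The steps above combined into one script, as an added example that is not part of the original article. It assumes Windows PowerShell 5.1 (where `Test-ComputerSecureChannel` is available), a hypothetical `-Server` parameter standing in for `PDCEmulatorName`, and that LDAP on TCP 389 is a reasonable reachability check for the Domain Controller; the exit codes are arbitrary.

```powershell
#Requires -RunAsAdministrator
# Added example: test the secure channel, then repair it with the machine's own
# context, and only prompt for a domain credential if that repair fails.
param(
    [Parameter(Mandatory)]
    [string]$Server   # assumption: name of the PDC emulator (PDCEmulatorName in the steps above)
)

# A machine that is not domain joined has no secure channel to repair.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$env:COMPUTERNAME is not domain joined; it must be joined to the domain instead."
    exit 2
}

# The repair needs a reachable Domain Controller (assumption: LDAP on TCP 389).
if (-not (Test-NetConnection -ComputerName $Server -Port 389 -InformationLevel Quiet)) {
    Write-Warning "Cannot reach $Server on TCP 389; fix network connectivity first."
    exit 3
}

# Step 1: verify. Returns $true when the channel to the domain is healthy.
if (Test-ComputerSecureChannel -Verbose) {
    Write-Output "Secure channel to $($cs.Domain) is healthy; nothing to repair."
    exit 0
}

# Step 2: repair without prompting for anything.
if (Test-ComputerSecureChannel -Repair -Server $Server -Verbose) {
    Write-Output "Secure channel repaired against $Server."
    exit 0
}

# Step 3: retry with an explicit domain credential. Get-Credential prompts
# interactively, so the password never appears in the script or command history.
$cred = Get-Credential -Message "Domain account allowed to reset this computer account"
if (Test-ComputerSecureChannel -Repair -Server $Server -Credential $cred -Verbose) {
    Write-Output "Secure channel repaired against $Server using $($cred.UserName)."
    exit 0
}

Write-Error "Repair failed; see the alternate rejoin steps linked above."
exit 1
```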

  • 1123
  • 29-Apr-2021