5

Our server is Windows 2016. I set up a new install of Windows 10 on a new hard drive. I named the computer on the new install the same as the old one. I kept the old hard drive as-is and didn't make any changes to it for backup purposes.

Something has happened unrelated to this and I need to go back to the old drive for now. Now when I try to log in with the old hard drive it says "The trust relationship between this workstation and the primary domain failed".

There is no local admin account I can access.

I believe this has to do with me setting the computer name on the new install the same name as the previous one. I have tried resetting the computer account in Active Directory, but this doesn't solve the problem. I am afraid to just delete the computer in AD as I am fairly new to AD and not sure of the ramifications to the current setup in the network.

Not sure how to move on from this.

Greg Askew
spencerja8
  • If the network cable is disconnected, it should be possible to log on with cached credentials. Otherwise, you cannot use a computer whose account credentials have been overwritten by another computer when it was joined. – Greg Askew Aug 29 '22 at 18:28
  • Lesson learned for next time (and there WILL be a next time): before doing this next time, add a local account (not a domain one) with full privileges, at the very least, just before you shut the system down and replace the hard drive. – CGCampbell Aug 30 '22 at 12:51

3 Answers

5

Same name? Then yes, it is the same computer account and you just overwrote the keys for the trust relationship, as they are stored under the computer in AD. There is nothing you can do now - really. The old trust is gone. History.

The only way to access things on the HD now is basically adding it as a second hard disk.

TomTom
  • Unplugging the network cable and logging in with a domain account that has local admin usually works; if it doesn't, a boot disk to enable local admin and reset the password will work. However, yes, the domain-joined property is gone. – joshudson Aug 30 '22 at 16:33
5

The computer object authenticates with a password, just like any other user. The trust relationship fails when the computer can't authenticate anymore towards the domain.

In your case, you overwrote the password from the "old" computer account in Active Directory (because you reused the computer name), so the password provided by the old computer is not valid anymore.

You can disconnect the old computer from the network, and try to log in (offline) with a username/password you previously used on this computer: Windows will authenticate from the local cache instead of your Active Directory. Once you are on the desktop you can connect the network again and maybe leave the domain, rename the computer, join the domain again.

Swisstone
  • Note that you should create a local admin account immediately, as unjoining the domain will void your credentials. – joshudson Aug 30 '22 at 16:34
5

As others have said already, the old operating system can't authenticate to the domain anymore, because the computer account has been reassigned to the new one; the only solution is to join the domain again, but in order to do that you need to log in to the system in the first place.

If you start Windows without a network connection and try to log in using a domain user account that successfully logged in before, this could work thanks to cached credentials; if it doesn't work, you'll need to reset the local Administrator password. Luckily for you, the question has been asked before (several times): https://superuser.com/questions/72244/what-can-i-do-if-i-forgot-my-windows-password.

Massimo
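The recovery order suggested in the answers and comments above (offline logon, create a local admin first, then leave the domain, rename, rejoin), as an added PowerShell example that is not part of any original post. The account name `rescue-admin`, the new name `OLDPC-RESTORED` and the domain `corp.example.com` are placeholders, and each phase is run separately from an elevated session on the old install because a restart sits between them.

```powershell
# Added example (not from the original thread). Windows PowerShell 5.1, elevated,
# on the OLD install after an offline logon with cached domain credentials.
# Placeholders (assumptions): rescue-admin, OLDPC-RESTORED, corp.example.com.
param(
    [Parameter(Mandatory)]
    [ValidateSet('LocalAdmin', 'Check', 'Unjoin', 'Rename', 'Rejoin')]
    [string]$Phase,
    [string]$NewName = 'OLDPC-RESTORED',
    [string]$Domain  = 'corp.example.com'
)

switch ($Phase) {
    'LocalAdmin' {
        # Do this while the network cable is still unplugged: once the machine
        # leaves the domain, the cached domain logon no longer gets you in.
        $pw = Read-Host -AsSecureString -Prompt 'Password for rescue-admin'
        New-LocalUser -Name 'rescue-admin' -Password $pw `
            -Description 'Break-glass local admin' | Out-Null
        # S-1-5-32-544 is the built-in Administrators group on any UI language.
        Add-LocalGroupMember -SID 'S-1-5-32-544' -Member 'rescue-admin'
        Get-LocalGroupMember -SID 'S-1-5-32-544'   # confirm before going on
    }
    'Check' {
        # Network reconnected. -Repair is deliberately not used: it would re-key
        # the one AD computer account both installs share and move the breakage
        # to the new install.
        if (Test-ComputerSecureChannel) {
            'Secure channel is healthy; no rejoin needed.'
        } else {
            'Secure channel is broken, as expected after the name was reused.'
        }
    }
    'Unjoin' {
        # Per the cmdlet documentation, Remove-Computer also disables the
        # computer's domain account. Here that account belongs to the new
        # install, so check its state in AD afterwards.
        Remove-Computer -UnjoinDomainCredential (Get-Credential) `
            -WorkgroupName 'WORKGROUP' -Force -Restart
    }
    'Rename' {
        # Log on as rescue-admin; a distinct name gets its own AD account.
        Rename-Computer -NewName $NewName -Restart
    }
    'Rejoin' {
        Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
    }
}
```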