Securing Computers and Active Directory

(Page 1 of 4 )

In this third part to a four-part series on how Active Directory handles computers, you'll learn how to test a secure channel for a computer, reset a computer account, and more. It is excerpted from chapter eight of the Active Directory Cookbook, Second Edition, written by Robbie Allen and Laura E. Hunter (O'Reilly; ISBN: 059610202X). Copyright © 2006 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

Testing the Secure Channel for a Computer

Problem

You want to test the secure channel of a computer.

Solution

Using a command-line interface

  > nltest /server:<ComputerName> /sc_query:<DomainName>

Discussion

Every member computer in an Active Directory domain establishes a secure channel with a domain controller. The computer’s password is stored locally in the form of an LSA secret and in Active Directory. This password is used by the NetLogon service to establish the secure channel with a domain controller. If for some reason the LSA secret and computer password become out of sync, the computer will no longer be able to authenticate in the domain. The nltest /sc_query command can query a computer to verify its secure channel is working. Here is sample output from the command when things are working:

  Flags: 30 HAS_IP HAS_TIMESERV
  Trusted DC Name \\dc1.rallencorp.com
  Trusted DC Connection Status Status = 0 0x0 NERR_Success
  The command completed successfully

If a secure channel is failing, you’ll need to reset the computer as described in Recipe 8.9. Here is sample output when things are not working:

  Flags: 0
  Trusted DC Name
  Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
  The command completed successfully

See Also

Recipe 8.9 for resetting a computer and MS KB 216393 (Resetting Computer Accounts in Windows 2000 and Windows XP)

Next: Resetting a Computer Account >>
 

More Windows Scripting Articles
More By O'Reilly Media

Comments On: Securing Computers and Active Directory

· This article is an excerpt from the book "Active Directory Cookbook, Second...   >>> Post your comment now!

Buy this book...

This article is excerpted from chapter eight of the Active Directory Cookbook, Second Edition, written by Robbie Allen and Laura E. Hunter (O'Reilly; ISBN: 059610202X). Check it out today at your favorite bookstore. Buy this book now.