I think it was funny that on the website where you did troubleshoot the trust relationship problem, the actual solution was there and you skipped it and said that is some weird stuff =)
The problem is that the computer password has changed (it's on a timer) in AD; when you did your snapshot restore back in time, the computer password doesn't match the AD password. I'm talking about the computer AD object now, not the user.
To fix it, log in with a local admin account, open PS as admin:
Reset-ComputerMachinePassword -Server "ADServerName" -Credential Domain\DomainUserWithRights
To avoid this you can set in the registry not to change the password automatically:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
change DisablePasswordChange from 0 to 1
And big thanks to your videos, they are great =)
If the domain user already logged in, you can disconnect the ethernet just to use the cached password, then you can replug it and rejoin the domain.
If you want to rejoin the domain without rebooting the machine twice, you can just remove the TLD (.local, .com etc.), in your case ".com".
After that reboot, your PC is resynced with the domain.
Dude, whatever you do, don't stop doing these videos. I can't remember the last time I watched a 50min video without falling asleep. You're awesome buddy. Keep up the great work!!!
I remember the last time I watched a 50 min video without falling asleep. It was all of John's Malware Analysis videos. Wish he'd do more.
1000% love them.
Hey John, I really appreciate you taking the time to cover AD in this much depth.
I'm preparing to undertake my OSCP, I think (without 100% knowing) this will go a long ways with helping me reach that goal!
Best of luck to you, looking forward to seeing more! :)
Thank you for being the person that you are, loving this AD series!!
These videos are so helpful. Thank you very much for your perfect tutorials without cutting out the errors and troubleshooting.
I was so waiting for you to use PowerShell splatting. It's a really clean way to pass arguments (with values) to cmdlets.
I love the whole learning by teaching concept.
This was dope. Nice dive into PS and AD for me. Thanks.
When you were getting the message trying to log on, I was shouting at my screen about the revert to a clean snapshot 😂
We spend some time fixing it in the next video, because it makes it a pain.
@@_JohnHammond Oh yes, it's such a hassle. I'm admin for a software company and I have to deploy or roll back VMs on a daily basis.
But it has become lazy practice to just reinstall fully automated and just link in a data drive afterwards.
The other approach is to roll back all related lab machines at once.
I'm learning more here about PowerShell than in any tutorial I've watched before. (okay .. I like Python better, got it installed on every machine in our company)
Super nice, thx! I like to see your methodology and the troubleshooting! I learn so much from your videos and this is a cool project! ;)
Awesome stuff! I love the thought process of working through it. Please keep going.
Great man, you're really doing great for the last 10 years 🙌🙌🙌
I am so glad to see that Windows doesn't behave as expected for you at times. I thought it was just me. lol
The thickness of that Win11 taskbar is insane
Haha, this is awesome! You think it took you a long time? I tried to follow along without necessarily just copying your code, I messed something up with the "catch" process for adding users to groups, and it took me like two hours to figure out why it was breaking...
AD from hammond's university .... thank you for the content 🙂
I saw this exact error @ ~minute 39 last week. As soon as I heard it I knew exactly what was up. It's definitely 'scary' the first time you see it.
10:21 Doing some googling on the fly together --Meanwhile continues to use Bing
This series is awesome.
Awesome video John, thanks!
Hi John,
Great stuff. It's been a while, but I remember back on Server 2008 loading users etc. from a CSV file. But I like coding.... Cheers, Darren
Awesome video as usual!
Go on, we need you to teach us red and blue teaming with this, plz continue it
Great video. Quick question: where did you buy that shirt?
Love these videos, so much to learn
I like long quality videos!
you are so smart!
Can you also do a server hardening series?
🤩🤩
👍
Brother confusion tool confusion.
Is it *(AD #03)* OR *(AD #02)*
??
Great catch, thank you!!!
How do I remove an existing active directory? My pc won't allow me to follow your steps coz of the existing one
If you have an AD setup, it shouldn't really matter. Granted I haven't watched this video yet, but to "remove" AD you'd have to uninstall ADDS Domain Controller to destroy it.
@@shadaxgaming thanks, appreciate 🙏
@@jonstart4185 Any time Jon. Good luck.
did you install AD on your actual PC? O.o
I'm confused, why is this unlisted? And I'm lost, this should be #3
It's the third video but with an index starting from 0
Arrays start at #0
Me too
I thought it was already uploaded bruh
Us
Get the hell out of my head, I was literally doing this exact same thing Friday.
Administrator password mini status?
Licence attending for you window open
$Mandatory
Domnam comnnamam
idk why this guy is doing everything with the CLI, while you can do it with the GUI easily, in just 5 minutes....
If you have a DC without any GUI it is practical to know the CLI.
Also automatisation
I wrote a script to automate user creation and AD grouping for specific OUs. Took me about an hour, but it saved me from entering 80 users manually for my project.
A shell is a shell is a shell.
There is Test-ComputerSecureChannel to check if the computer is still trusted on the domain, and if trust is broken you restore it with Test-ComputerSecureChannel -Repair -Credential username/pw
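
Added example, not part of any comment above and not code from the video: a check-then-repair script combining the two suggestions in this thread (the Reset-ComputerMachinePassword / DisablePasswordChange comment and the Test-ComputerSecureChannel comment). `ADServerName` and `Domain\DomainUserWithRights` are the placeholders from that comment; the script's parameter names and the `Get-MachinePasswordPolicy` helper are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the video or the comments). Run in Windows PowerShell 5.1
# as a local administrator on the domain member whose trust relationship broke.
param(
    # Placeholders taken from the comment above; replace with real values.
    [string]$DomainController = 'ADServerName',
    [string]$RepairAccount    = 'Domain\DomainUserWithRights',
    [switch]$Repair           # hypothetical switch: only reset when asked to
)

$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-MachinePasswordPolicy {
    # Netlogon values that control automatic machine account password changes.
    $p = Get-ItemProperty -Path $netlogon
    [pscustomobject]@{
        # 1 = this machine never changes its own account password
        DisablePasswordChange = [int]$p.DisablePasswordChange
        # Days between changes; Windows uses 30 when the value is absent
        MaximumPasswordAge    = if ($null -ne $p.MaximumPasswordAge) { [int]$p.MaximumPasswordAge } else { 30 }
    }
}

$policy = Get-MachinePasswordPolicy
$policy | Format-List
if ($policy.DisablePasswordChange -eq 1) {
    # Snapshot-friendly, but the machine secret then stays valid indefinitely.
    Write-Warning 'Machine password rotation is disabled on this host.'
}

# $true when the locally stored machine password still matches the AD computer object.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Output 'Secure channel is healthy; nothing to repair.'
    return
}

Write-Warning 'Secure channel is broken (local machine password does not match AD).'
if ($Repair) {
    $cred = Get-Credential -UserName $RepairAccount -Message 'Account allowed to reset the computer password'
    Reset-ComputerMachinePassword -Server $DomainController -Credential $cred
    # Re-test so the script ends with the post-repair state.
    Test-ComputerSecureChannel -Server $DomainController
}
```

Without `-Repair` the script only reports, which makes it safe to run on a freshly reverted lab VM before deciding whether to reset the password.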