Reset Trust Relationship for Domain Computer

When a computer somehow loses the trust relationship with the domain (for instance when longer than 30 days not connecting to the domain, or in a virtual environment returning to a snapshot) the usual steps you have to take are:

  1. Get the computer out of the domain to a workgroup (remember the local admin password!)
  2. Reboot
  3. Rejoin the domain
  4. Reboot

With powershell to the rescue it is an easier process:

Test-ComputerSecureChannel -Repair -Credential YourDomain\AdminUser

From the get-help




Tests and repairs the secure channel between the local computer and its domain.


Test-ComputerSecureChannel [-Credential [<PSCredential>]] [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}] [-InformationVariable [<System.String>]] [-Repair] [-Server [<String>]] [-Confirm] [-WhatIf] [<CommonParameters>]


The Test-ComputerSecureChannel cmdlet verifies that the secure channel between the local computer and its domain is working correctly by checking the status of its trust relationships. If a connection fails, you can use the Repair parameter to try to restore it.

Test-ComputerSecureChannel returns “True” if the secure channel is working correctly and “False” if it is not. This result lets you use the cmdlet in conditional statements in functions and scripts. To get more detailed test results, use the Verbose parameter.

This cmdlet works much like NetDom.exe. Both NetDom and Test-ComputerSecureChannel use the NetLogon service to perform the actions.


Online Version:






To see the examples, type: “get-help Test-ComputerSecureChannel -examples”.

For more information, type: “get-help Test-ComputerSecureChannel -detailed”.

For technical information, type: “get-help Test-ComputerSecureChannel -full”.

For online help, type: “get-help Test-ComputerSecureChannel -online”

Leave a Reply

%d bloggers like this: