No, not the Big O’s hit (if you don’t know who the Big O is, ask your parents <g>), but the dreaded:
Hmmm, lost/corrupted/hosed the secure channel. What next? I know, logon locally, take the computer out of the domain, put it into a workgroup, then restart, rejoin the domain, restart yet again; all is sweet! Nope, bzzzzt! Fail. It looks like it has worked, but what you have most probably done in the background is destroyed the original SID (Security IDentifier) of the computer and created a new computer object in the domain; all group memberships, ou membership, SCCM 2012 object history … gone!
The more correct way? Read on. First, go to your Admin tools; either ADUC (Active Directory Users and Computers) or ADAC (Active Directory Admin Center – new from Windows Server 2008R2 on), right-click the offending Computer object and Reset Account! This sets the computer password to computername$ and allows the computer to reset that password when the secure channel is restored. Next, logon locally:
Then, open an Administrative PowerShell prompt:
Uh oh … more red hints, I see lots of these, deliberate errors I tell my students (well, that’s what my old sergeant said in the Army!). Lets try that using the correct command:
That’s better! Supply the correct credentials, and:
The returned value is Boolean, True means all is working, we’ve rejoined the domain and have preserved the SID, the object history in SCCM and all is sweet, until next time.
If you want to do this remotely (certainly saves walking, or in the worst case, driving to the workstation, refer to this TechNet tip: http://technet.microsoft.com/en-us/magazine/ff700227.aspx
get IT right!