Member Server - Machine Account Questions
hi all,
i'm looking @ joining 2008r2 server (that needs cloned testing every , again) domain. understand member server sets machine account password, not dc. want know how can find out on member server when member server itself believes password last set (and therefore when change next). preferably i'd in method can script.
secondly, server backed entire vm. understand member server has copy of old machine account password, , can attempt authenticate (for when machine account password change has not propagated through domain). domain have copy of old password in case of vm has been rolled before single machine account password change?
(yes have read: https://blogs.technet.microsoft.com/askds/2009/02/15/machine-account-password-process-2/)
regards,
david
q1: query pwd-last-set attribute of machine account verify that. date , time password account last changed. useful cmdlet get-adcomputer, please see details from: https://technet.microsoft.com/en-us/library/ee617192.aspx
q2: password stored in computer account object in unicodepwd (current password) , lmpwdhistory (previous password) attributes in ad. in way, if computer changes password (excluding domain join) @ dc1 , attempts authenticate @ dc2 prior replication of new password, computer should still able logon old password.
regards,
wendy
please remember mark replies answers if , un-mark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com.
Windows Server > Directory Services
Comments
Post a Comment