Active Directory consists of objects. These objects are users, computers, OUs (organizational units), etc. Each computer object has a secure channel with its domain controller. Over this secure channel the workstation and the DC (domain controller) are able to talk to each other. In Windows 2000 the computer account objects change their secret password every 30 days; in the old NT days this was done every 7 days. If for some reason the computer account is reset (a domain admin reset it), Microsoft gives us the ability to reset that secure channel by using Netdom.exe.
Go to Joe's site (www.joeware.net) and locate the WIN32 tools; this way we can tell the last time that the computer changed its 'secret password'.
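As an added example (not from the original post or from joeware's tools), the PowerShell below shows how the last password change can be read from a computer object and compared with the 30-day interval mentioned above. It assumes the timestamp comes from the standard `pwdLastSet` attribute, which the post does not name; the function name `Get-MachinePasswordAge` is hypothetical and the host names and timestamps are constructed.

```powershell
# Added example (not from the original post). Sample rows are constructed.
# On a live domain the same two columns can be exported with:
#   Get-ADComputer -Filter * -Properties pwdLastSet | Select-Object Name, pwdLastSet
function Get-MachinePasswordAge {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Computer,
        [datetime] $AsOf = [datetime]::UtcNow,
        [int] $MaxAgeDays = 30   # change interval the article gives for Windows 2000
    )
    process {
        # pwdLastSet is a FILETIME: 100-ns ticks since 1601-01-01 UTC
        $raw = [int64] $Computer.pwdLastSet
        if ($raw -le 0) {
            # 0 means the directory holds no password-change timestamp
            $lastSet = $null; $age = $null; $status = 'NoTimestamp'
        } else {
            $lastSet = [datetime]::FromFileTimeUtc($raw)
            $age     = [int] [math]::Floor(($AsOf - $lastSet).TotalDays)
            $status  = if ($age -gt $MaxAgeDays) { 'Overdue' } else { 'Current' }
        }
        [pscustomobject]@{
            Name = $Computer.Name; LastSetUtc = $lastSet; AgeDays = $age; Status = $status
        }
    }
}

# Constructed sample export (hypothetical host names, made-up timestamps)
$sample = @'
Name,pwdLastSet
WS-EXAMPLE-01,133553664000000000
WS-EXAMPLE-02,133537248000000000
SRV-EXAMPLE-03,133485408000000000
SRV-EXAMPLE-04,0
'@ | ConvertFrom-Csv

# Fixed reference date so the sample output is reproducible
$asOf = [datetime]::SpecifyKind([datetime] '2024-04-01', [System.DateTimeKind]::Utc)

$sample | Get-MachinePasswordAge -AsOf $asOf |
    Sort-Object AgeDays -Descending | Format-Table -AutoSize
```

An `Overdue` row only says the machine has not changed its password within the interval; it is a prompt to check whether the machine is offline or its secure channel needs attention, not proof that the channel is broken.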
- Each Windows-based computer maintains a machine account password history containing the current and previous passwords used for the account. When two computers attempt to authenticate with each other and a change to the current password is not yet received, Windows then relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may be unable to communicate, and you may receive error messages (for example, "Access Denied" error messages when Active Directory replication occurs).
- Resetting a computer account breaks that computer's connection to the domain and requires it to rejoin the domain. In my scenario this was done on an Exchange server. The computer account was reset and there was no way to log into the server, except on the server itself locally. Taking the server out of the domain, rebooting it, and adding the server back to the domain worked. All Exchange services were up and running after joining the domain with the same name. Remember, renaming Exchange will break Exchange and there will be no way to bring Exchange back to life; this is of course not supported by Microsoft.
Truthfully speaking, if I had to speculate, I would think resetting the computer account for Exchange would screw up the Exchange server. Taking Exchange out of the domain and adding it back is kind of a worrying process, especially in a production environment. Since I had no choice and little time to bring Exchange back online, I moved forward, taking the server out of the domain and adding it back to the domain, and saw that all worked well. The Exchange server is up and running.