Windows 7: Trust Relationship Error - Local Administrator Account Locked.

    Question

  • I have 2 Windows 7 Professional machines that recently locked me out citing the "Trust Relationship between this workstation and primary domain failed".  I assumed all I would have to do is log in as local administrator and remove it from the domain and then re-add it.  When I tried to log on, it told me that the password was incorrect - which I knew it wasn't.  After a few tries I got a different message that said that the account was locked.  No idea how this could have happened.  Every other local account was locked as well.

    I checked the AD on our 2003 server and I didn't see anything out of the norm.  The computers were in the correct OU, and were not disabled in any way.  I searched online for a solution, but they all required me to be able to log on to the local admin, which is disabled.  

    I tried to boot to Safe Mode with a Command Prompt and typed in: net user administrator /active:yes .  It told me that the change had been made, but when I reboot it still shows the local account as disabled.

    Any suggestions would be greatly appreciated.  

    Edit: It is Windows 7 Professional x64 
    • Edited by SlumSlum Wednesday, October 05, 2011 2:23 PM
    Wednesday, October 05, 2011 1:54 PM

All replies

  • No luck again today.  I restarted my Domain Controller and cleared the leases trying to get them to log on.  
    Thursday, October 06, 2011 2:42 PM
  • slumslum,

    Unjoin the machine from the domain and then rejoin it again; this should do the trick.

    See this link on how to join your machine:
    http://helpdeskgeek.com/windows-7/windows-7-join-domain/

    Kind Regards
    DFT


    IM me - TWiTTer: @DFTER
    Friday, October 07, 2011 6:27 AM
  • I would normally do this, but you overlooked the part where I said that it will not allow me to log in under any user... including the administrator account.  
    Tuesday, October 11, 2011 2:03 PM
  • My apologies, English is not my native language and sometimes I skip some important parts ;) .

    Is it possible to create a new user with administrator privileges and use this account to unjoin the machine?
    Kind Regards
    DFT
    IM me - TWiTTer: @DFTER
    Tuesday, October 11, 2011 2:14 PM
  • I have had problems with this issue too. I am interested to see what people do to fix this up. I ended up reimaging (which I HATE doing, but it was the only thing that seemed to work for me)
    Tuesday, October 11, 2011 4:08 PM
  • Check the group policies once. Is the computer restricted from logging into the domain?
    Regards, h9ck3r.
    Wednesday, October 12, 2011 6:29 AM
  • I tried to add a user, in the Repair CMD, and it appeared to work.  When I restarted the computer and tried to log in with it, it tells me the account is locked.  I went back and tried to make it active, and it said that it did, but when I tried to log in again it said it was still locked.

    Thursday, October 13, 2011 3:18 PM
  • Nope, the policy is the same as the other 20 machines - I don't see any issues there.  
    Thursday, October 13, 2011 3:19 PM
  • I tried to go into safe mode /w networking, but when I do it shows the login box and just restarts on its own.  Tried it 3 times and each time it restarted as soon as it gave me the ability to login.  
    Thursday, October 13, 2011 6:35 PM
  • I am having the same issue with  Windows 7 Pro machines.  I have a new computer that I installed less than a month ago that has lost trust with the domain and has locked down the local admin profile. 

    One AD profile installed on the computer is still able to log on but if I try to run anything as Admin, it asks for my password and denies me administrator privileges either due to domain issues or profile has been locked down.  

    Friday, October 21, 2011 1:46 PM
  • Is there still really no solution for this?
    Wednesday, November 02, 2011 1:47 PM
  • I just had this issue this morning. First I unplugged the network cable and then I restarted the machine. When I was prompted to login, I logged in with an AD account that has admin privileges. The account has recently logged into the machine and has already cached its credentials before it lost its trust relationship. Since I pulled the network cable the PC could not validate its connectivity to the domain and allowed the cached admin credentials. Once in I unlocked the local admin account, restarted and rejoined the domain.

     

    Hope this helps.

    Wednesday, November 02, 2011 6:45 PM
  • Use this command to get back in your domain once again....

    netdom.exe  resetpwd  /s:<server>  /ud:<user>  /pd:*

    <server> = a domain controller in the joined domain

     

    <user> = DOMAIN\User format with rights to change the computer password

    • Proposed as answer by AmitCEH Wednesday, September 12, 2012 11:11 AM
    Wednesday, September 12, 2012 11:11 AM
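
An added example, not written by any poster in this thread: a PowerShell take on the recovery the two replies above describe, run from an elevated session once you are logged on (for instance with cached credentials). It reports and clears the local administrator's disabled/locked flags, then tests the machine's secure channel and repairs it only if broken. The domain controller name is a placeholder, and PowerShell 3.0 or later is assumed (Windows 7 ships with 2.0, which lacks the `-Credential` parameter used here).

```powershell
# Added example. Run elevated on the affected workstation, network reconnected.
# Assumes PowerShell 3.0+ (-Credential and Get-Credential -Message need it).
param(
    [string]$DomainController = 'dc01.example.local',  # placeholder, not from the thread
    [string]$LocalAdmin       = 'Administrator'
)

# 1. Show the Disabled / Lockout flags of every local account.
$accounts = @(Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True')
$accounts | Select-Object Name, Disabled, Lockout | Format-Table -AutoSize | Out-Host

# 2. Clear both flags on the local administrator so there is a fallback logon.
$admin = $accounts | Where-Object { $_.Name -eq $LocalAdmin }
if ($admin -and ($admin.Disabled -or $admin.Lockout)) {
    $admin.Disabled = $false
    $admin.Lockout  = $false
    [void]$admin.Put()
    Write-Output "Cleared Disabled/Lockout on $LocalAdmin."
}

# 3. Verify the machine account's secure channel; repair it only if it is broken.
try {
    $healthy = Test-ComputerSecureChannel -Server $DomainController -ErrorAction Stop
} catch {
    Write-Warning "Secure channel test failed: $($_.Exception.Message)"
    $healthy = $false
}

if ($healthy) {
    Write-Output 'Secure channel is healthy; no reset needed.'
} else {
    # Same requirement as netdom's /ud: an account allowed to reset the computer password.
    $cred = Get-Credential -Message 'DOMAIN\User with rights to reset the computer password'
    $repaired = Test-ComputerSecureChannel -Repair -Server $DomainController -Credential $cred
    if ($repaired) {
        Write-Output 'Secure channel repaired. Log off and log on with a domain account.'
    } else {
        Write-Warning 'Repair failed; check DNS, time sync and the computer object in AD.'
    }
}
```

If the flags in step 1 come back set again after a reboot, something is re-applying them, which matches what the original poster saw with `net user administrator /active:yes`.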
  • I have had this issue twice as well. However, I have always been able to log in with local admin rights. Removing then rejoining to domain seems to never get things back to normal for me. Once it is reset and joined back to the domain all software just seems to be missing but still there at the same time. Like Antivirus shows it's installed in c:\program files but it's not running. If I go to domain users start menu everything is missing but go into c:\program files and it's all there. So every time I have seen this error a reimage is what I do; seems to work a lot better than dealing with the headaches. Sorry I was not any help but that is my two cents.

    Wednesday, September 12, 2012 8:12 PM