How to restore the health of AD domain?

Is Windows Server 2012r2 on it raised the domain controller. A week ago something happened that is unknown I never had to ask nobody. When I got a network with 100 PC's(all in the domain) some of which may not logs either locally or on RDP server. Locally treated prevzatie to the domain, but RDP servers can not do so. Tell me how to fix it?
Error when logging on to RDP server
Errors in server Manager, AD
March 19th 20 at 08:42
4 answers
March 19th 20 at 08:44
Officially it is the case Microsoft decides only privedenie machine to the domain. Unfortunately, this is the only right way - all other artisanal methods may work, may not on a random machine (the vast majority of cases - no). That could happen - the like - power failure, system error on the controller led to the reboot. During booting, there was a restoration of a machine on the latest available recovery point, because it goes to the default the next time you turn nepredvidjeno after the failure. This point was probably quite long-established, and the number of computers that have updated not so long ago the password was in the restored database HELL with the old passwords respectively, lost the trust of the controller, as put wrong passwords. It is solved only perevodom machine to the domain. You only have one domain controller?
There is another replication domain - Willie_Lars commented on March 19th 20 at 08:47
@Willie_Larscan be a little bit more about domain replication? What do you mean? - jaclyn commented on March 19th 20 at 08:50
March 19th 20 at 08:46
Under the local admin execute on the problematic computer:

Netdom resetpwd /Server:DomainController /UserD:Administrator /PasswordD:Password

Server - the name of the domain controller
UserD - account name administrator domain
PasswordD password of the domain administrator

If the system is on a Windows host 8 and above, it is possible via PowerShell, also under a local administrator:
Reset-ComputerMachinePassword -Server DomainController -Credential Domain\Admin

Server - the name of any domain controller
Credential is the name of the domain / administrator account domain

To run the code remotely, you can do this:
Invoke-Command -ComputerName XXX-ScriptBlock {Reset-ComputerMachinePassword -Server DomainController -Credential Domain\Admin} -Credential HOSTNAME\Admin

XXX - the name of the host computer can be any IP
HOSTNAME\Admin - HOSTNAME the hostname of the local machine, Admin - local admin account

Just in case, open the remote access to the machine, it is necessary for her to run (or apply group policy):
winrm qc
Set-ExecutionPolicy RemoteSigned
March 19th 20 at 08:48
it is possible to try to recreate a list of computer names in HELL!
What is it like? - Nadia_Keebler commented on March 19th 20 at 08:51
March 19th 20 at 08:50
netdom.exe resetpwd
You can try to reset the password of the server in that domain cannot login via nltest
Keys guglani
Try - Willie_Lars commented on March 19th 20 at 08:53

Find more questions by tags Windows ServerSystem administrationActive Directory