How do I reset a machine account password?
Like user accounts, machine accounts in a domain have passwords that change
automatically. The domain stores the previous and current passwords so that the
previous password is accessible for authentication in case someone changes the
current password but the domain controller hasn’t yet fully replicated the
If a password changes twice, the computers that use the password might be
unable to communicate. In this case, you would receive an error message (e.g.,
the error message Access Denied when Active Directory—AD—replication
occurs). Passwords can also be out of sync during replication between domain
controllers in the same domain.
You can manually change a machine account password. You must use the Microsoft
Windows 2000 Resource Kit’s Netdom tool rather than the Active Directory
Users and Computers snap-in. Netdom is in Win2K’s Support\Tools folder. To
reset a machine account password, enter
C:\>netdom resetpwd /server:<servername>
After you enter the command, you’ll see the following.
Type the password associated with the domain user:
The machine account password for the local machine has been successfully reset.
The command completed successfully.
You need to run this Netdom command on the machine for which you want to change
the password. The server must be a domain controller in the domain, and the user
must have a domain account with administrative privileges over the machine
account whose password you’re changing.
You need to restart the machine for the password change to take effect.
Simultaneously resetting the password on the local machine and a domain
controller ensures that the two computers involved in the operation are
synchronized, and starts AD replication so that other domain controllers receive
Windows Privacy Tools - http//www.privacywindows.com