
Repair machine-domain trust relationship

There are many situations in which a machine (server OS or workstation) can lose its domain trust.
If the ControlUp agent is installed on the machine, this script will execute locally and repair the domain trust. Domain credentials with permission to reset the computer account must be provided.
Version: 1.2.7
Created: 2020-05-06
Modified: 2020-05-07
Creator: marcel.calef
Downloads: 276
Tags: citrix domain machine account PVS
<#
 .SYNOPSIS      Repair trust relationship between a machine and the domain 
 .DESCRIPTION
   There are many situations for which a machine (server OS or workstation) will lose domain trust. 
   If the ControlUp agent is installed on the machine, this script will execute locally and repair the domain trust.
   Domain credentials with permission to reset the computer account must be provided.
   
 .EXAMPLE      repair-domain-trust.ps1 -userName "Domain\user" -userPassword "clearTextPasswd" 
 .CONTEXT      Machine
 .CREDIT
               https://thinkpowershell.com/fix-trust-relationship-workstation-primary-domain-failed/
 .MOD_HISTORY
               2020-05-05 -  Marcel Calef  - created

#>
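[CmdLetBinding()]
Param (
    # Account used to test and reset this machine's secure channel ("Domain\user").
    # The script only needs the right to reset the computer account, so a delegated
    # account limited to that right is preferable to a domain administrator.
    [Parameter(Mandatory=$true,HelpMessage='Domain user with admin rights')][ValidateNotNullOrEmpty()]  [string]$userName,
    # SECURITY NOTE: the password arrives as a plain [string]. Depending on how the
    # script is launched it may be recorded in the caller's command line, in a
    # PowerShell transcript, or in module logging of parameter bindings.
    # Treat those logs as sensitive and rotate the password if it is exposed.
    [Parameter(Mandatory=$true,HelpMessage='clear text password')][ValidateNotNullOrEmpty()]            [string]$userPassword
    )

Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"
$VerbosePreference = "continue"

# Upper bound on repair attempts (matches the "up to 5 times" intent of the script).
$maxRepairAttempts = 5

# Convert to SecureString and create PSCredential object
[securestring]$secStringPassword = ConvertTo-SecureString $userPassword -AsPlainText -Force
[pscredential]$cred = New-Object System.Management.Automation.PSCredential ($userName, $secStringPassword)

# Drop the script's own reference to the plain-text password once the credential exists.
# This only shortens its lifetime; the string stays in memory until garbage collected.
# (Assigning $null instead would be rejected by the ValidateNotNullOrEmpty attribute.)
Remove-Variable -Name userPassword

Write-Output "Test-ComputerSecureChannel result before repair:"
$trustOK = [bool](Test-ComputerSecureChannel -Credential $cred)
# Emit the result that the line above announces (the original captured it without printing).
Write-Output $trustOK

if ($trustOK) { Write-Output "Trust test passed, no need to repair"; exit }

# Run the repair command up to $maxRepairAttempts times or until the repair is successful.
# The original used a single 'if', so only one attempt was ever made.
# Errors are deliberately not caught: with $ErrorActionPreference = "Stop" a failure such as
# rejected credentials ends the script instead of being retried, which avoids repeated
# failed logons against the supplied account.
$repaired = $false
for ($attempt = 1; ($attempt -le $maxRepairAttempts) -and (-not $repaired); $attempt++) {
    Start-Sleep -Seconds 1
    Write-Output "Trust test failed, need repair"
    Write-Verbose "Repair attempt $attempt of $maxRepairAttempts"
    $repaired = [bool](Test-ComputerSecureChannel -Credential $cred -Repair)
    if ($repaired) { Write-Output "Repair worked" }
}

# Give the secure channel a moment to settle, then report the final state.
Start-Sleep -Seconds 5
Write-Output "Running Test-ComputerSecureChannel again"
Test-ComputerSecureChannel -Credential $cred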