Fixing login problems - Windows Tutorial

- [Narrator] You might occasionally run into a situation in which a Windows 11 machine falls out of sync with an active directory domain. This typically happens as a result of a machine being restored from backup or having a checkpoint applied. So let's take a look at what the situation looks like and what you can do about it. So I'm going to try to log into this machine and I'll enter my password. And so when I do, you can see that I get an error message saying that the trust relationship between this workstation and the primary domain failed, and I'm unable to log in as a result of that problem. So let's go ahead and fix this problem. I'm going to go ahead and click okay, and then I'm going to switch over to a different machine. So here I am on a different machine and I've got the Active Directory users and Computers console open. If you're not familiar with this console, it's used to manage user accounts and computer accounts within the active directory. So what I'm going to do is expand the listing for my active directory domain. And then you can see that we have several different containers beneath this. The user's container contains all of the user accounts for the active directory domain, and the computer's container contains a list of all of the computer accounts. And so right here, WIN11D, this is the one that we're having trouble with. Now, the thing that a lot of people don't realize is that Active Directory computer accounts have passwords associated with them, just like active directory user accounts do. And these passwords aren't anything that you typically have to manage. They get rotated automatically on a periodic basis, and the process is completely transparent. So typically, you would never even see this. So what can happen is you may run into a situation in which the active directory rotates a password and then someone restores a backup. And when they restore that backup, they restore an older version of Windows 11 that had a completely different active directory password. So at that point, there's a password mismatch between the Windows 11 machine and the active directory domain. And that password mismatch is what causes the problem that you saw a moment ago. So the first thing that we need to do in order to fix this is to right click on the computer account, and then I need to choose the reset account command from the shortcut menu. So I'll click Reset account. At this point, I'm asked, are you sure you want to reset the computer account? I'll click yes, and the account was reset. So I'm going to go ahead and click okay, and then I'm going to switch over to the other machine. So here I am back on the machine that was having problems, and let's go ahead and try to log in. And when I enter my password, you can see that we still get that error message because remember, the problem stems from a password mismatch. So we reset the password at the active directory level, but this particular machine still has the old password. So that password mismatch still exists. So what I'm going to do instead is log in with a local account. I'll click okay, I'll click other user, and then I'll enter the local machine name and then my username and my password. And so now I'm being logged in with a local user account. So what I need to do is right click on the start button and then go to System, and then click Domain or Work Group. And then I need to click the network ID button. So now I'm going to set this back to home computer mode. So I'm going to choose the, this is a home computer, it's not part of a Business Network option. I'll click Next. And then I need to click finish and click okay. And I'm prompted to restart the computer, so I'm going to reboot the computer and then we'll pick it up here in just a second. Okay, so the system has rebooted, and what we've done up to this point is to remove the machine from the Active Directory domain. So now we have to rejoin it to the active directory. So what I'm going to do is right click on the start button, I'll go to System, and then I'll click Domain or Work Group. I'll click Network ID, and then I'm going to choose the this computer as part of a business network option. And click Next. Then I'm going to tell Windows that my company uses a network with a domain. And click next. Now I'm presented with a bit of information about what's required in order to join the domain. I'll click next. And now I'm asked for the account that I use to log into Windows. This isn't necessarily the same account that you use to join the machine to the domain that comes later, but because I'm working in a lab environment, I don't have any user accounts set up other than the ones that are created by default. So I'm just going to go ahead and enter administrator. I'll enter my password and the domain name, and I'll click next. And so Windows finds the account and asks if I want to use this. I'm not going to worry about using this, so I'm going to click no. So at this point, I'm prompted to enter my computer name and the domain name, and you can see that those are filled in automatically. These appear to be correct, but it's a good idea to check them because every once in a while Windows does get them wrong. I'm going to go ahead and add a .com to POSEYLAB, and then I'll click next. And so at this point, I'm prompted to enter my administrative credentials. These are the credentials that are actually used to join the active directory domain. So I'll enter administrator as the username. I'll enter my password, and then I'll enter the name of my domain and I'll click okay. And I'm ask if I want to add the administrator account to this computer. I'll go ahead and allow that and click next. I'm going to set this as an administrative account. And click next and click finish. And I'll go ahead and close this out and click okay. And now we're prompted to restart the machine once again. So I'm going to pause the video, I'll reboot the machine, and we'll pick it up here in just a second. Okay, so Windows has rebooted. Let's go ahead and try to log in. I'll enter my password, and now I'm allowed to log in as opposed to getting the error message that I was getting earlier. And you'll notice the windows does go into a bit of a setup, and this is just because we removed the account and we remove the machine from the domain and then we added it back in. So there's just a little bit of setup work that Windows has to do in order to complete the process. But once all of this finishes, you'll see that we arrive at the Windows desktop, and here we are at the Windows desktop. So we fixed the login problem.