Fixing “The trust relationship between this workstation and the primary domain failed.”

Top tip when using Active Directory: always keep the credentials for a local administrator in a password manager somewhere disconnected from your main environment. When the day comes (and it will come) that you’re greeted with the following screen at logon, the fix will take five minutes rather than five hours.

[Screenshot: "The trust relationship between this workstation and the primary domain failed" logon error]

When a Windows machine is domain joined, it has a machine account password that is changed, by default, every 30 days. If the machine is powered off or disconnected from the domain environment (think laptops or network issues) and the password isn't successfully changed, well, you know why you're here.

Oh, p.s., the machine password change interval can be set in Group Policy; the setting is found here:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age
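As an added example (not part of the original post), the script below reads the machine account password settings that this Group Policy writes to the local Netlogon registry key, and, if the RSAT ActiveDirectory module happens to be installed, compares them with the password age the domain controller last recorded for this computer. The registry path and value names are the standard Netlogon ones; the defaults assumed when a value is absent (30 days, changes enabled) are the Windows defaults.

```powershell
# Added example: audit the effective machine account password settings on this
# computer. The two Group Policy settings under
# 'Security Options -> Domain member:' are stored as these Netlogon values.
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$params   = Get-ItemProperty -Path $netlogon

# Defaults when the value is not present: 30 days, and changes enabled.
$maxAgeDays = if ($null -ne $params.MaximumPasswordAge) { $params.MaximumPasswordAge } else { 30 }
$disabled   = [bool]$params.DisablePasswordChange

Write-Host "Maximum machine account password age : $maxAgeDays days"
Write-Host "Machine password changes disabled     : $disabled"

# Optional: if RSAT's ActiveDirectory module is available, show when the domain
# last recorded a password change for this computer object. A large gap here
# on a machine that has been off the network is the warning sign for the
# trust relationship error this post is about.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME -Properties PasswordLastSet
    $age      = (Get-Date) - $computer.PasswordLastSet
    Write-Host "Password last set in AD              : $($computer.PasswordLastSet) ($([int]$age.TotalDays) days ago)"
}
```

Run it from an elevated PowerShell on the domain-joined machine; the registry read works without RSAT, the AD comparison only when the module is installed and the machine can still reach a domain controller.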

To fix this, log in with a local administrator account. If the logon screen doesn't default to the local machine name rather than the domain (when not using the built-in Administrator account, for example), prefix the username with .\ like so:

.\Username

[Screenshot: logon screen with a local administrator account selected]

Launch PowerShell as an administrator, run the following, and enter domain credentials when prompted:

$credential = Get-Credential

[Screenshot: PowerShell credential prompt]

Followed by (replacing ad01 with the host name of your nearest domain controller):

Reset-ComputerMachinePassword -Server ad01 -Credential $credential

If all goes well, PowerShell will return nothing, because it's rude like that, but log out and domain credentials should work as before.
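Because the reset is silent, it helps to test the secure channel before and after. The script below is an added example, not the post's own commands: it checks the machine's secure channel to the domain with Test-ComputerSecureChannel, repairs it only if the check fails, and then re-checks so you see a result. ad01 is the same placeholder the post uses for your nearest domain controller, and it assumes you are logged on as a local administrator in an elevated Windows PowerShell session.

```powershell
# Added example: test, repair only if needed, then confirm.
$dc = 'ad01'   # placeholder: your nearest domain controller

# Returns $true when the machine's secure channel to the domain is healthy.
if (Test-ComputerSecureChannel -Server $dc) {
    Write-Host "Secure channel to $dc is healthy; no reset needed."
}
else {
    # Prompt once for a domain account that is allowed to reset this
    # computer account's password (e.g. a domain admin, or an account
    # delegated that right on the computer object).
    $credential = Get-Credential -Message "Domain account allowed to reset this computer's password"

    # -Repair re-establishes the secure channel and sets a new machine
    # password in place, without removing the computer from the domain.
    # -Credential is only accepted together with -Repair.
    Test-ComputerSecureChannel -Repair -Server $dc -Credential $credential | Out-Null

    # Re-check so the outcome is visible rather than silent.
    if (Test-ComputerSecureChannel -Server $dc) {
        Write-Host "Secure channel repaired. Sign out and log on with domain credentials."
    }
    else {
        Write-Warning "Repair did not succeed. Try Reset-ComputerMachinePassword -Server $dc -Credential `$credential, or rejoin the domain."
    }
}
```

Test-ComputerSecureChannel -Repair and Reset-ComputerMachinePassword both end up setting a fresh machine account password; the advantage of the check-first version is that it won't touch a machine whose trust is actually fine, and it tells you whether the fix worked before you sign out.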

2 Comments

  1. The main thing: if two servers are related, then we need to shut down one server and then use the PowerShell command $credential = Get-Credential
    Reset-ComputerMachinePassword -Server ad01 -Credential $credential
