I'm wondering if it's okay to reset the KRBTGT password through Active Directory Users and Computers (ADUC) a second time after waiting 24 hours. My setup is pretty small with just two domain controllers and no remote ones, plus under 150 clients. Is there anything specific I should keep an eye on aside from ensuring both DCs are online and that the replication is functioning properly? Are there any risks involved in doing this that I should be aware of?
4 Answers
I can definitely share parts of the SOP I created for our organization, which is also small. It's crucial to ensure Active Directory is healthy before making any changes, especially around replication. By the way, have you thought about using an AI for tips? They can offer solid recommendations!
I've had an issue with the Microsoft script method crashing one of my domain controllers due to an lsass error. Since then, I switched to using ADUC, and I haven’t faced any issues on about 30 resets since!
We’ve been using a PowerShell script for KRBTGT password resets and haven't had any issues with it so far. It’s definitely a reliable choice!
You should be good to go with resetting it through ADUC. Just make sure everything is looking healthy!

So the plan is just to check replication, do the reset in ADUC, wait a bit (around 24 hours), and then reset it again? That sounds pretty straightforward!
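
A read-only pre-check for the procedure discussed in this thread, added here as an example and not posted by any participant. It reads the krbtgt account from every domain controller and confirms that the first reset has replicated, that no replication failures are recorded, and that the waiting period has passed. The 24-hour threshold comes from the thread; the variable names and report layout are assumptions, and the ActiveDirectory (RSAT) module is required.

```powershell
# Added example: read-only check to run before the second KRBTGT reset.
# It changes nothing in the directory.
Import-Module ActiveDirectory

$MinHoursSinceReset = 24   # waiting period mentioned in the thread
$problems = @()

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # Query each DC directly so a DC that missed the first reset stands out.
        $k = Get-ADUser -Identity krbtgt -Server $dc.HostName `
                -Properties PasswordLastSet, 'msDS-KeyVersionNumber' -ErrorAction Stop
        # Replication failures currently recorded for this DC's partners.
        $fail = @(Get-ADReplicationFailure -Target $dc.HostName -ErrorAction Stop |
                  Where-Object { $_.FailureCount -gt 0 })
        [pscustomobject]@{
            DC              = $dc.HostName
            PasswordLastSet = $k.PasswordLastSet
            KeyVersion      = $k.'msDS-KeyVersionNumber'
            ReplFailures    = $fail.Count
        }
    } catch {
        # An unreachable DC is itself a reason not to proceed.
        $problems += "could not query $($dc.HostName): $($_.Exception.Message)"
    }
}
$report | Format-Table -AutoSize

# Every DC must report the same key version, i.e. the first reset replicated.
if (@($report.KeyVersion | Sort-Object -Unique).Count -gt 1) {
    $problems += 'krbtgt key version differs between DCs'
}
if ($report | Where-Object { $_.ReplFailures -gt 0 }) {
    $problems += 'replication failures are recorded'
}
# Age of the most recent reset, as seen by any DC.
$newest = $report.PasswordLastSet | Sort-Object -Descending | Select-Object -First 1
if ($newest -and ((Get-Date) - $newest).TotalHours -lt $MinHoursSinceReset) {
    $problems += "last reset was less than $MinHoursSinceReset hours ago ($newest)"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Output 'Do NOT perform the second reset yet.'
} else {
    Write-Output 'Checks passed: the second reset can proceed.'
}
```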