Hey everyone! I have a customer who wants me to change the krbtgt password for their domain. It seems pretty straightforward based on the documentation, but since this is my first attempt at it, I want to hear from anyone who's done it before. Did you encounter any issues or side effects during the process? Any tips or best practices would be appreciated. Thanks a lot!
4 Answers
Definitely use the official script from Microsoft. It's important to run it twice, with a week in between, to ensure everything goes smoothly. The script has built-in validation checks that help keep your domain healthy.
Make sure to run the script with a Global Administrator account and give it at least 24 hours before running it again. It’s simple if you stick to the plan!
Just don’t rush it! Avoid changing the password twice in a short span; even 10 hours in between is a good rule of thumb. Otherwise, you might face issues with token expirations and other related hiccups.
Yeah, I’ve heard that waiting about 10 hours between changes tends to work best.
Just change the password, wait at least a week, and then change it again for extra safety. It's a pretty straightforward process if you follow the guidelines.
Are you talking about this script? https://github.com/zjorz/Public-AD-Scripts/blob/master/Reset-KrbTgt-Password-For-RWDCs-And-RODCs.ps1
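
Added example, not part of any post above and not taken from the linked script: a read-only PowerShell pre-check to run before the second reset. It reports how long ago the krbtgt password was last set and whether every writable DC holds the same version of that change. The `$MinimumWaitHours` parameter and its 10-hour default are assumptions; set it to whichever interval you are following.

```powershell
# Added example: read-only pre-check before a second krbtgt password reset.
# Needs the ActiveDirectory module (RSAT). Changes nothing in the directory.
param(
    # Assumption: waiting interval to enforce; set it to the interval you follow.
    [int]$MinimumWaitHours = 10
)

Import-Module ActiveDirectory -ErrorAction Stop

$pdc    = (Get-ADDomain).PDCEmulator
$krbtgt = Get-ADUser -Identity krbtgt -Server $pdc -Properties PasswordLastSet
if (-not $krbtgt.PasswordLastSet) { throw "krbtgt has no PasswordLastSet value on $pdc" }
$ageHours = [math]::Round(((Get-Date) - $krbtgt.PasswordLastSet).TotalHours, 1)

# Ask every writable DC for its replication metadata on krbtgt's pwdLastSet.
$writableDcs = Get-ADDomainController -Filter * -Server $pdc | Where-Object { -not $_.IsReadOnly }
$perDc = foreach ($dc in $writableDcs) {
    try {
        $meta = Get-ADReplicationAttributeMetadata -Object $krbtgt.DistinguishedName `
            -Server $dc.HostName -Properties pwdLastSet -ErrorAction Stop
        [pscustomobject]@{
            DC         = $dc.HostName
            Reachable  = $true
            Version    = $meta.Version
            LastChange = $meta.LastOriginatingChangeTime
        }
    }
    catch {
        # An unreachable DC cannot confirm it has received the first reset.
        [pscustomobject]@{ DC = $dc.HostName; Reachable = $false; Version = $null; LastChange = $null }
    }
}

$unreachable = @($perDc | Where-Object { -not $_.Reachable })
$versions    = @($perDc | Where-Object Reachable | Select-Object -ExpandProperty Version -Unique)

$perDc | Format-Table -AutoSize | Out-Host
[pscustomobject]@{
    PasswordLastSet   = $krbtgt.PasswordLastSet
    AgeHours          = $ageHours
    WaitSatisfied     = $ageHours -ge $MinimumWaitHours
    AllDcsReachable   = $unreachable.Count -eq 0
    ReplicationInSync = $versions.Count -eq 1
    OkToProceed       = ($ageHours -ge $MinimumWaitHours) -and ($unreachable.Count -eq 0) -and ($versions.Count -eq 1)
}
```

`OkToProceed` is false if any writable DC is unreachable or reports a different `pwdLastSet` version, because that DC may still be issuing tickets under the older key.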