Hello! I'm looking for recommendations on how to reset the KRBTGT password for an old domain. There are countless scripts and guides available, and it's a bit overwhelming. One script I found hasn't been updated since 2020, and I'm not sure if it's still valid or effective. I also came across a newer one that isn't officially from Microsoft. Which script do you think is the best option?
5 Answers
We regularly use the New-KrbtgtKeys.ps1 script for our resets. It’s been reliable for us.
In my experience with larger companies, we do this every six months, too. Currently working on bringing this process from development to production, and we stick with the New-KrbtgtKeys.ps1 script.
Microsoft suggests resetting the KRBTGT password every six months for security reasons. However, they don’t provide a solid guide on how to do it properly. For straightforward setups, you might just be able to right-click the KRBTGT account and reset the password. After that, it’s smart to do it again after 24 hours.
If your Active Directory is in good shape, you might not even need a script! You can just open the run box, mash your keyboard for a random string, and then paste that into the ADU&C UI to reset the password.
There's a bit of irony here—if you need a script to reset the KRBTGT password, you might want to reassess if you should be handling these tasks at all. You should really have your AD replication health validated before making any changes.
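Added example, not part of any answer above and not taken from New-KrbtgtKeys.ps1: a read-only pre-flight check for the two conditions the answers raise, replication health before the reset and the 24-hour gap before the second one. It assumes the RSAT ActiveDirectory module on a domain-joined host; the function name and the `MinHoursBetweenResets` parameter are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: read-only pre-flight check before a KRBTGT reset. It changes nothing in AD.
# Assumption: run from a domain-joined host with rights to read replication metadata.

function Test-KrbtgtResetReadiness {
    [CmdletBinding()]
    param(
        # Minimum gap between the first and second reset; 24 is the figure given in the thread.
        [int]$MinHoursBetweenResets = 24
    )

    $findings = [System.Collections.Generic.List[string]]::new()
    $dcs = Get-ADDomainController -Filter *

    # 1. Replication health: any inbound link with a non-zero last result is a blocker.
    foreach ($dc in $dcs) {
        try {
            $links = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -ErrorAction Stop
        } catch {
            $findings.Add("Cannot query replication on $($dc.HostName): $($_.Exception.Message)")
            continue
        }
        foreach ($l in $links | Where-Object { $_.LastReplicationResult -ne 0 }) {
            $findings.Add("$($dc.HostName) <- $($l.Partner): result $($l.LastReplicationResult), " +
                          "$($l.ConsecutiveReplicationFailures) consecutive failures")
        }
    }

    # 2. Every writable DC should hold the same krbtgt key version and timestamp.
    $copies = foreach ($dc in $dcs | Where-Object { -not $_.IsReadOnly }) {
        $u = Get-ADUser -Identity krbtgt -Server $dc.HostName -Properties PasswordLastSet, 'msDS-KeyVersionNumber'
        [pscustomobject]@{ DC = $dc.HostName; PasswordLastSet = $u.PasswordLastSet; Kvno = $u.'msDS-KeyVersionNumber' }
    }
    if (@($copies.Kvno | Select-Object -Unique).Count -gt 1) {
        $findings.Add('krbtgt key version differs between DCs: a previous reset has not fully replicated')
    }

    # 3. Spacing: a second reset too soon invalidates tickets issued under the previous key.
    $latest = ($copies | Measure-Object -Property PasswordLastSet -Maximum).Maximum
    $ageHours = [math]::Round(((Get-Date) - $latest).TotalHours, 1)
    if ($ageHours -lt $MinHoursBetweenResets) {
        $findings.Add("Last reset was $ageHours h ago; wait until $MinHoursBetweenResets h have passed")
    }

    [pscustomobject]@{ Ready = ($findings.Count -eq 0); LastResetAgeHours = $ageHours; Copies = $copies; Findings = $findings }
}

Test-KrbtgtResetReadiness | Format-List
```

Run it before the first reset and again before the second; proceed only when `Ready` is `True` and `Findings` is empty.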
