13410273 asked Someone-1102 commented

Scheduled password reset for KrBtGt.

Hello everybody!
There is a task of scheduled password reset for the KrBtGt account in the Active Directory domain. I have never had to do this procedure.
Please tell me if there are any conditions for this action, maybe there is an article when it is possible to do this, and when it is not recommended?

Thanks!

windows-server, windows-active-directory, windows-server-security, windows-server-infrastructure, windows-server-management

1 Answer

Thameur-BOURBITA answered Someone-1102 commented

Hi,

The KRBTGT password should be reset twice.
Before performing the first reset, you should check the replication health of all domain controllers in the domain.
After the first reset, you should wait at least 10 hours to be sure that all Kerberos tickets already delivered before the first reset are expired and renewed. If you don't respect this delay, you can face authentication issues.

You can use the script below to reset the krbtgt for RODC and RWDC. You should test it before deploying it in a production environment.

To reset the KRBTGT password, you can use the following script mentioned at this link:

New-KrbtgtKeys.ps1

This link will help you to have more details about what the script can do:
krbtgt-account-password-reset-scripts-now-available-for-customers




Please don't forget to mark helpful reply as answer
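
As an added example (not part of the answer above and not the linked New-KrbtgtKeys.ps1 script), a read-only PowerShell pre-check for the conditions the answer lists: replication health on every domain controller and the 10-hour gap since the previous krbtgt reset. It assumes the ActiveDirectory RSAT module is installed and covers only the domain krbtgt account on writable DCs, not the per-RODC krbtgt accounts.

```powershell
# Added example: read-only pre-checks before a krbtgt reset. Changes nothing in AD.
Import-Module ActiveDirectory

$MinHours = 10   # waiting period between the two resets, as given in the answer

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = [ordered]@{
        DC = $dc.HostName; ReadOnly = $dc.IsReadOnly
        ReplFailures = $null; KrbtgtPwdLastSet = $null; Error = $null
    }
    try {
        # Replication partners of this DC that currently report failures
        $row.ReplFailures = @(Get-ADReplicationFailure -Target $dc.HostName -ErrorAction Stop |
            Where-Object { $_.FailureCount -gt 0 }).Count
        # krbtgt password timestamp as this DC sees it (writable DCs only)
        if (-not $dc.IsReadOnly) {
            $row.KrbtgtPwdLastSet = (Get-ADUser -Identity krbtgt -Server $dc.HostName `
                -Properties PasswordLastSet -ErrorAction Stop).PasswordLastSet
        }
    } catch {
        # An unreachable DC counts as unhealthy: it cannot receive the new key
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}
$report | Format-Table -AutoSize

$unhealthy = @($report | Where-Object { $_.Error -or $_.ReplFailures -gt 0 })
$stamps    = @($report | Where-Object { $_.KrbtgtPwdLastSet } |
                 Select-Object -ExpandProperty KrbtgtPwdLastSet | Sort-Object -Unique)
# One distinct timestamp means every writable DC has the same krbtgt password version
$converged  = ($stamps.Count -eq 1)
$hoursSince = if ($stamps) { ((Get-Date) - $stamps[-1]).TotalHours } else { $null }

if ($unhealthy) {
    "HOLD: replication failures or unreachable DCs (see table)."
} elseif (-not $converged) {
    "HOLD: writable DCs disagree on krbtgt PasswordLastSet; the last reset has not replicated everywhere."
} elseif ($hoursSince -lt $MinHours) {
    "HOLD: only {0:N1} h since the last krbtgt reset (minimum $MinHours h)." -f $hoursSince
} else {
    "OK: replication healthy and last krbtgt reset was {0:N1} h ago." -f $hoursSince
}
```

Run it once before the first reset and again before the second; a HOLD result on the second run means the waiting period or replication condition from the answer is not yet met.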


The links in your link are expired
