Hello All,
I have 2 questions related to resetting the Krbtgt account password in a Domain, of which there are 2 main PS scripts (as you know) out on TechNet & GitHub - "New-CtmADKrbtgtKeys.ps1" & "Reset-KrbTgt-Password-for-RWDCS-And-RODCS.ps1 (now shown on GitHub as Reset-KerberosServiceV2.ps1)". These are both authored & enhanced by Jared Poeppelman (Microsoft) & Jorge de Almeida Pinto (MCC & MVP):
1) Although I'm leaning towards using the "Reset-KerberosServiceV2.ps1" script in my Domain, its v2.5 was updated on 2020-02-17, while the "New-CtmADKrbtgtKeys.ps1" script was updated on 2020-05-14. Since both Jared & Jorge seem to be involved in the writing/updating of both scripts, which one is the latest & "better" one to use? I apologize in advance for not being a PS expert, so I can't effectively extrapolate the contents of the 2 scripts for a successful comparison. I'm looking for an explanation as to the differences, & which script is the recommended one to use.
2) We'll be running this script in our On-Prem Domain (Hybrid w/ Azure), which is a School District. Of course, due to Covid, most of the students & teachers are remote teaching/learning from home. Some teachers use VPN, but none of the students do - most have not been on the Local Domain since April. Is it recommended & safe to change the Kerberos account password on our On-Prem Domain Controllers while most users are off-site? We do not want to cause any potential issues that may impact users while they are off-site, as well as when they return on-site.
Any & all recommendations would be most appreciated - thank you!