將其中一邊的信任信任密碼重設Resetting a trust password on one side of the trust

適用於: Windows Server 2016、 Windows Server 2012 和 2012 R2、 Windows Server 2008 和 2008 R2Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

如果樹系復原相關的安全性漏洞,使用下列程序將其中一邊的信任信任密碼重設。If the forest recovery is related to a security breach, use the following procedure to reset a trust password on one side of the trust. 這包括隱含信任之間子女和家長網域,以及明確信任之間這個網域 (信任的網域) 和其他網域 (受信任的網域)。This includes implicit trusts between child and parent domains as well as explicit trusts between this domain (the trusting domain) and another domain (the trusted domain).

重設密碼一端只信任網域信任,也就是連入信任 (一邊所屬這個網域)。Reset the password on only the trusting domain side of the trust, also known as the incoming trust (the side where this domain belongs). 然後,一端受信任的網域信任,也就是傳出信任使用相同的密碼。Then, use the same password on the trusted domain side of the trust, also known as the outgoing trust. 還原在每個 (信任) 網域中的第一個 DC 時,請重設密碼的撥出信任。Reset the password of the outgoing trust when you restore the first DC in each of the other (trusted) domains.

信任密碼重設,可確保 DC 不會複寫潛在錯誤 dc 外其網域。Resetting the trust password ensures that the DC does not replicate with potentially bad DCs outside its domain. 還原在每個網域中的第一個 DC 時設定信任相同的密碼,您確保,與每個復原網域控制站複製這個網域控制站。By setting the same trust password while restoring the first DC in each of the domains, you ensure that this DC replicates with each of the recovered DCs. 後續 Dc 網域中的復原安裝 AD DS,安裝程序期間,會自動複寫這些新的密碼。Subsequent DCs in the domain that are recovered by installing AD DS will automatically replicate these new passwords during the installation process.

將其中一邊的信任信任密碼重設To reset a trust password on one side of the trust

  1. 在命令提示字元中,輸入下列命令,,然後按 ENTER 鍵:At a command prompt, type the following command, and then press ENTER:

    netdom experthelp trust  
    
  2. 使用語法,此命令提供使用 NetDom 工具信任密碼重設。Use the syntax that this command provides for using the NetDom tool to reset the trust password.

    例如,如果有兩個網域森林中-父系和子女-並還原家長網域中的網域控制站在您執行這個命令,使用下列語法命令:For example, if there are two domains in the forest—parent and child—and you are running this command on the restored DC in the parent domain, use the following command syntax:

    netdom trust parent domain name /domain:child domain name /resetOneSide /passwordT:password /userO:administrator /passwordO:*  
    

    當您的子女網域中執行這個命令時,使用下列命令語法:When you run this command in the child domain, use the following command syntax:

    netdom trust child domain name /domain:parent domain name /resetOneSide /password:password /userO:administrator /passwordO:*  
    

    注意

    passwordT應該會在兩個側邊信任的相同的值。passwordT should be the same value on both sides of the trust. 一次執行這個命令 (和不同的是netdom resetpwd命令) 因為它會自動重設密碼兩次。Run this command only once (unlike the netdom resetpwd command) because it automatically resets the password twice.

後續步驟Next Steps