廣告樹系修復-krbtgt 密碼重設AD Forest Recovery - Resetting the krbtgt password

適用於: Windows Server 2016、 Windows Server 2012 和 2012 R2、 Windows Server 2008 和 2008 R2Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

您可以使用下列程序來重設網域 krbtgt 密碼。Use the following procedure to reset the krbtgt password for the domain. 下列程序適用於寫入 Dc,但不是唯讀網域控制站 (Rodc)。The following procedure applies writeable DCs, but not read-only domain controllers (RODCs).

重要

如果您打算復原 Rodc online 樹系復原時,請勿 krbtgt 帳號 rodc。If you plan to recover RODCs online during the forest recovery, do not delete the krbtgt accounts for the RODCs. RODC krbtgt 負責格式 krbtgt_ 中列出的號碼The krbtgt account for an RODC is listed in the format krbtgt_number.

如果您使用 DC 自訂的密碼篩選器 (例如 passfilt.dll),您可能會收到一則錯誤當您嘗試重設 krbtgt 密碼。If you use a customized password filter (such as passfilt.dll) on a DC, then you might receive an error when you try to reset the krbtgt password. 如需詳細資訊,包括因應措施,查看 Microsoft 知識庫文章 2549833 (http://support.microsoft.com/kb/2549833)。For more information, including a workaround, see Microsoft Knowledge Base article 2549833 (http://support.microsoft.com/kb/2549833).

若要重設 krbtgt 密碼To reset the krbtgt password

  1. 按一下[開始],指向 [ [控制台],指向 [系統管理工具],,然後按一下Active Directory 使用者和電腦Click Start, point to Control Panel, point to Administrative Tools, and then click Active Directory Users and Computers.
    1. 按一下檢視,然後按進階功能Click View, and then click Advanced Features.
  2. 在主控台按兩下網域控制站,,然後按一下使用者In the console tree, double-click the domain container, and then click Users.
  3. 在詳細資料窗格中,以滑鼠右鍵按一下krbtgt帳號,並再按重設密碼In the details pane, right-click the krbtgt user account, and then click Reset Password.
    重設密碼
  4. 新密碼,輸入新密碼,請重新輸入密碼確認密碼,然後按一下 [ [確定]In New password, type a new password, retype the password in Confirm password, and then click OK. 因為,系統將會產生自動不受影響的密碼,您可以指定穩固密碼不重要指定的密碼。The password that you specify is not significant because the system will generate a strong password automatically independent of the password that you specify.

    注意

    您應該先執行此作業兩次。You should perform this operation twice. 密碼歷史的 krbtgt 帳號為兩個,表示它包含兩個最新的密碼。The password history of the krbtgt account is two, meaning it includes the two most recent passwords. 重設密碼兩次您有效清除任何歷史從舊的密碼,,就不另一個俠將複製這個網域控制站的舊的密碼。By resetting the password twice you effectively clear any old passwords from the history, so there is no way another DC will replicate with this DC by using an old password.

後續步驟Next Steps