A computer account is used to setup communication between the domain members and domain controllers. If the passwords on the domain member and the domain controller do not match, communication is impossible. The password is set the first time when the computer joins the domain. After this, it is reset on Windows 2000 every 30 days. You can change this interval via three options :
| Add registry entry HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange and set it to 1 on the Windows 2000 Professional installations. This will prevent future password changes initiated by the workstation after the reboot. |
| Add a registry entry HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange and set it to 1 on the Windows 2000 domain controllers. (First BDC's, than PDC) This will prevent the domain controllers from accepting computer account password changes after a reboot. |
| Add the registry entry HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge on the workstations and the servers to specify the password reset interval. After the change, reboot the machines. |
You can reset the computer account via netdom.exe and the Active Directory Users and Computers.
Last update: 2 June 2001