Fixing “the trust relationship between this workstation and the primary domain failed” without leaving the domain or restarting.

Sometimes you’ll find that for any one of a multitude of reasons, a workstation’s computer account becomes locked or somehow otherwise disconnected from the actual workstation (say, if a machine with the same name joins the network, or if it’s been offline for a very long time). When you try to log on to the domain you’ll get a message that states:

“the trust relationship between this workstation and the primary domain failed”

Now, what I would normally do in this situation is un-join and re-join the workstation to the domain, which works, but creates a new SID (Security Identifier) and can therefore break existing trusts in the domain with that machine, and of course it requires a reboot. So if you don’t want to reboot, and you don’t want to break existing trusts, do this:

Use netdom.exe in a command prompt to reset the password for the machine account, from the machine with the trust problem.

netdom.exe resetpwd /s:<server> /ud:<user> /pd:*

<server> = a domain controller in the joined domain

<user> = DOMAIN\User format with rights to change the computer password

* = prompts for the domain user’s password, so it does not have to be typed on the command line

That should do it, in *most* cases.



Find mailboxes that are set to automatically forward email in Exchange 2010

Every time someone leaves your organisation, you’ll probably need to forward their mail to another mailbox, but over time this can get disorganised and messy. Use the command below to extract a .csv formatted table of mailboxes that have a forwarding address:

Get-Mailbox -ResultSize 6000 | Where {$_.ForwardingAddress -ne $null} | Select Name, ForwardingAddress, OrganizationalUnit, WhenCreated, WhenChanged, DeliverToMailboxAndForward | Export-Csv -NoTypeInformation E:\forwardedusers.csv

I set a limit of 6000 because we have almost that many mailboxes, and the limit in this case is the number of mailboxes this will query, rather than the number of actual results. I’m sure this means that there’s a more efficient way of running this query, but it’s not like you’re doing this every day, so it doesn’t really matter.

Once you’ve got this information, you might want to match this up with further details about the users that own these mailboxes. Use the Active Directory PowerShell tools with Server 2008 to extract this information.

Fire up PowerShell on a domain controller (or remotely), and run “import-module activedirectory”.

Then execute:

Get-ADUser -SearchBase "DC=yourdomain,DC=local" -Properties SamAccountName,Description | Export-Csv -NoTypeInformation c:\allusers.csv

At the “Filter:” prompt, type:

name -like "*"

Then get this data into Excel in two different worksheets.

Use the VLOOKUP tool to compare the two worksheets (in a third one), and collate the fields for the user’s name, forwarding address, and description:

In your “working worksheet” make the first column pull the display name from the mail worksheet, then name the second column “description” (this is what I’m looking for, anyway), and the third column onwards can be any other data you’d like to show, such as OU, modified dates, or suchlike.

In the description column, enter:

=VLOOKUP(mail!A2,allusers!$D:$E,2,FALSE)

“mail” refers to the worksheet containing data extracted from Exchange, and A2 should be the first user’s Name field (copy this downwards so that you’re looking up A3, A4, A5, etc.).

“allusers” refers to the Active Directory information worksheet, so in this case it will attempt to match the mail A2 field with anything in the D column in allusers (this being the first column in the $D:$E array), and will then return the corresponding value from the E column in allusers (because I’ve specified “2”, which in my case is the description field). The FALSE bit at the end ensures that you’re searching for an exact match.

Copy this formula down along with the list of users that have email forwarding enabled, and you’ll have a list of forwarded users along with their names, descriptions, modified dates, OUs, and any other data you like.
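
The same lookup can be done in PowerShell instead of Excel. This is an added example, not part of the original post: it joins the two exports on Name as the VLOOKUP does, and goes a little further by marking names that have no match or more than one match in the Active Directory export, which VLOOKUP shows only as #N/A or as the first hit. The sample rows and the function name Join-ForwardersToUsers are constructed for illustration.

```powershell
# Constructed sample rows standing in for the two exports described above.
# With the real files: $mail  = Import-Csv E:\forwardedusers.csv
#                      $users = Import-Csv c:\allusers.csv
$mail = @'
Name,ForwardingAddress,OrganizationalUnit,WhenChanged,DeliverToMailboxAndForward
Alice Example,yourdomain.local/Users/Bob Example,yourdomain.local/Leavers,01/03/2012,False
Carol Sample,yourdomain.local/Contacts/Carol Personal,yourdomain.local/Staff,15/04/2012,True
Dan Placeholder,yourdomain.local/Users/Alice Example,yourdomain.local/Staff,02/05/2012,False
'@ | ConvertFrom-Csv

$users = @'
Name,SamAccountName,Description
Alice Example,aexample,Left Feb 2012 - mail goes to Bob
Carol Sample,csample,Finance
Carol Sample,csample2,Contractor
'@ | ConvertFrom-Csv

# Hypothetical helper name; written to run on PowerShell 2.0 as well as later versions.
function Join-ForwardersToUsers {
    param($Mail, $Users)

    # Index the AD rows by Name, keeping every row so duplicate names stay visible.
    # Hashtable keys compare case-insensitively, like an exact-match VLOOKUP.
    $byName = @{}
    foreach ($u in $Users) {
        if (-not $byName.ContainsKey($u.Name)) { $byName[$u.Name] = @() }
        $byName[$u.Name] += $u
    }

    foreach ($m in $Mail) {
        # @() gives an empty array when the name is absent from the AD export
        $hits = @(if ($byName.ContainsKey($m.Name)) { $byName[$m.Name] })
        $status = switch ($hits.Count) { 0 { 'NoMatch' } 1 { 'Matched' } default { 'Ambiguous' } }

        $m | Select-Object Name, ForwardingAddress, DeliverToMailboxAndForward,
            OrganizationalUnit, WhenChanged,
            @{ n = 'Description'; e = { ($hits | ForEach-Object { $_.Description }) -join ' | ' } },
            @{ n = 'Match';       e = { $status } }
    }
}

Join-ForwardersToUsers $mail $users | Format-Table -AutoSize
# To keep the result: ... | Export-Csv -NoTypeInformation .\forwarders-with-description.csv
```

Rows marked NoMatch or Ambiguous are the ones to check by hand, since a forward still active on a mailbox that cannot be tied to a single known account is the case a periodic review is meant to catch.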



Today’s illegal downloaders are the entertainment industry execs of the future.

The entertainment industry has been slow to embrace the internet, and it’s fair to say that it still hasn’t got its head around a business model that enables consumers to purchase music and films at a reasonable price, online, and without heavy-handed restrictions on use.

iTunes was (is) only successful because it’s easy to use. For people with one computer, one iPhone or iPod, and an iTunes account, it’s the easiest way in the world to purchase music and film downloads online. However, if you have more than one computer, and/or more than one playback device, the DRM imposed upon iTunes downloads restricts your use and enjoyment of your purchase measurably. The alternatives are to use Amazon, play.com, or another DRM-free download outlet, or simply use a P2P “illegal” download service. Frequently, due to the technology behind P2P / torrent downloads, it’s also the quickest way to get hold of digital media. This is patently absurd. I can think of no other product where the “free” version is easier to get hold of and easier to use than any paid-for option.

Note: I’m not endorsing illegal downloading, simply stating that if it’s as easy, or easier, than paid-for downloads, people are going to do it. Make paid-for downloads more attractive by removing DRM, introducing an easy, more universal, very fast method of purchase and download, and look at other ways of adding value (bonus content, concert tickets, graphics and other media), and people will pay for them.

The music and film industry simply don’t understand the new business models, or are not willing to change their own. Instead, they foist anti-piracy adverts onto rental and purchased DVDs (Why?! I’ve just paid for it after all.), they add DRM to their own products, making them more difficult to use (the king of “anti-features”), they hunt down file-sharers and threaten them with court cases, and they insist on sticking by their mantra that one illegal download equals one lost sale (if you were let loose in a sweet shop and told it was all free, you’d grab more than if you were paying for the stuff, right?).

Of course, it’s not all bad. The people that are using P2P and torrent technology to acquire digital media today are the business and entertainment industry executives of the future, and they will understand this technology and these business models better than anyone in the industry at the moment. Maybe we’ll soon see a fresh wave of new businesses, new record labels, new legal download outlets, and an industry that sees its customers as valued clients, rather than a thorn in its side.