March 19, 2019 · How-To

Fix Trust Relationships for Macs Bound to Active Directory Using Centrify

The Problem

Sometimes computers bound to an Active Directory domain lose their trust relationship with it. This causes the computer (at least on Windows) to report:

"The trust relationship between this workstation and the primary domain failed."

However, while this exact scenario was what was occurring on one of our Macs using Centrify, we didn't know it, because the macOS loginwindow does not display these types of error messages.

The Solution

The first thing we usually try in this scenario is resetting the "computer machine password". This is the password that the computer itself uses to transparently authenticate to the domain in the background when a user logon occurs. But how could we do this using Centrify?

Using adkeytab, of course! (I kid. This is not an obvious name for this tool.) That said, running the command below should reset the computer machine password and restore the trust relationship.

adkeytab -r -u domainadminusername