Fix Trust Relationships for Macs Bound to Active Directory Using Centrify
Sometimes computers bound to an Active Directory domain lose their trust relationship with it. This causes the computer (at least on Windows) to report:
"The trust relationship between this workstation and the primary domain failed".
However, while this exact scenario was what was occurring on one of our Macs using Centrify, we didn't know it, because the macOS
loginwindow does not display these types of error messages.
The first thing we usually try in this scenario is resetting the "computer machine password". This is the password that the computer itself uses to transparently authenticate to the domain in the background when a user logon occurs. But how could we do this using Centrify?
adkeytab, of course! (I kid. This is not an obvious name for this tool.) That said, running the command below should reset the computer machine password and restore the trust relationship.
adkeytab -r -u domainadminusername