ADUC / DSMOD / NetDOM - Reset a DC

A question in the MS Press book (70-290) says that a DC is not replicating with other controllers. It says that the computer account needs to be reset. It then gives you the choices of :

1) Reset it in Active Directory Users and Computers
2) On the Domain Controller CMD using DSMOD
3) On the Domain Controller CMD using Netdom
4) Recovery console

The correct answer in the book is Netdom, but why couldn't I use DSMOD or ADUC?

Find more posts tagged with

SAVE $250 on Your Microsoft Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Microsoft Boot Camps

Comments

royal

Netdom is used to reset a Domain Controller computer account password (Computer accounts have passwords just as user accounts do). We just don't have a level of control over computer passwords as we do with user passwords. ADUC can be used to reset only a user account, workstation computer accounts, and member server computer accounts. The same goes for DSMOD. The ONLY way to reset a Domain Controller computer account, is by using NETDOM. The problem lies mostly that when you reset a computer account, you have to rejoin it to the domain. Now with a DC, it is what is hosting the domain, so it can't take advantage of a normal computer account reset. Therefore you have to use NETDOM in this instance to do a special computer account reset.

NETDOM RESETPWD Resets the machine account password for the domain controller
on which this command is run. Currently there is no support for resetting
the machine password of a remote machine or a member server. All parameters
must be specified.

http://support.microsoft.com/kb/260575