Reset the krbtgt and krbtgt_AzureAD password

krbtgt

Use this script: https://github.com/microsoftarchive/New-KrbtgtKeys.ps1/blob/master/New-KrbtgtKeys.ps1

Reset to a random password (the value doesn't matter, as it will reset by itself).

Wait 10 hours, then reset again.

AD Forest Recovery – Reset the krbtgt password | Microsoft Learn
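
Before the second reset, it helps to confirm that the first reset has reached every writable domain controller and that the 10-hour wait has elapsed. The check below is an added example, not part of the linked script or of Microsoft's guidance; the function names, the sample DC names and the sample dates are constructed for illustration, and the live query assumes the ActiveDirectory (RSAT) module.

```powershell
# Added example (not from the linked script). Function names are hypothetical.
function Test-KrbtgtSecondResetReady {
    param(
        [Parameter(Mandatory)] [object[]] $DcState,  # objects with DC, PasswordLastSet, Kvno
        [int] $WaitHours = 10,                       # wait stated in the procedure above
        [datetime] $Now = (Get-Date)
    )
    # Each reset increments msDS-KeyVersionNumber; after replication all DCs report the same value
    $maxKvno = ($DcState | Measure-Object -Property Kvno -Maximum).Maximum
    $stale   = @($DcState | Where-Object { $_.Kvno -ne $maxKvno } | ForEach-Object { $_.DC })
    $newest  = $DcState | ForEach-Object { $_.PasswordLastSet } | Sort-Object | Select-Object -Last 1
    $elapsed = $Now - $newest
    [pscustomobject]@{
        Converged     = ($stale.Count -eq 0)
        StaleDCs      = $stale
        LastReset     = $newest
        HoursElapsed  = [math]::Round($elapsed.TotalHours, 1)
        ReadyForReset = ($stale.Count -eq 0) -and ($elapsed.TotalHours -ge $WaitHours)
    }
}

function Get-KrbtgtStatePerDc {
    # Live collection: ask each writable DC for its own copy of the krbtgt account
    Import-Module ActiveDirectory -ErrorAction Stop
    foreach ($dc in Get-ADDomainController -Filter { IsReadOnly -eq $false }) {
        $k = Get-ADUser -Identity krbtgt -Server $dc.HostName `
                 -Properties PasswordLastSet, 'msDS-KeyVersionNumber'
        [pscustomobject]@{
            DC              = $dc.HostName
            PasswordLastSet = $k.PasswordLastSet
            Kvno            = $k.'msDS-KeyVersionNumber'
        }
    }
}

# Constructed sample (not real data): DC02 has not yet received the first reset,
# so the result is not ready even though more than 10 hours have passed.
$sample = @(
    [pscustomobject]@{ DC = 'DC01.corp.example'; PasswordLastSet = [datetime]'2024-05-01T08:00:00'; Kvno = 7 }
    [pscustomobject]@{ DC = 'DC02.corp.example'; PasswordLastSet = [datetime]'2023-11-12T09:30:00'; Kvno = 6 }
)
Test-KrbtgtSecondResetReady -DcState $sample -Now ([datetime]'2024-05-01T19:00:00')

# Live use on a domain-joined admin host:
# Test-KrbtgtSecondResetReady -DcState (Get-KrbtgtStatePerDc)
```

If `StaleDCs` is not empty, fix replication to those domain controllers before resetting the password a second time.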

krbtgt_AzureAD

# Enable Global Administrator to rotate the Kerberos server key
# Requires PowerShell 5.1 or later

# Automatically install the AzureADHybridAuthenticationManagement module if not already installed
if (-not (Get-Module -ListAvailable -Name AzureADHybridAuthenticationManagement)) {
    Write-Host "AzureADHybridAuthenticationManagement module not found. Installing..." -ForegroundColor Yellow
    Install-Module -Name AzureADHybridAuthenticationManagement -Scope CurrentUser -Force -AllowClobber
}

# Import the module
Import-Module AzureADHybridAuthenticationManagement -Force

# Get the current on-premises Active Directory domain
$domain = $env:USERDNSDOMAIN

if (-not $domain) {
    Write-Error "Could not detect domain. Are you running this on a domain-joined machine?"
    exit 1
}

# Prompt for Domain Administrator credentials
Write-Host "Please enter Domain Administrator credentials for $domain" -ForegroundColor Cyan
$domainCred = Get-Credential -Message "Domain Administrator credentials"

# Specify the Global Administrator UPN (placeholder value; replace with your actual admin)
$userPrincipalName = "admin@example.com"  # <<< CHANGE THIS >>>

# Rotate the Kerberos server key; stop on any error so success is only reported when the rotation worked
Write-Host "Rotating Kerberos server key for domain: $domain" -ForegroundColor Green
try {
    Set-AzureADKerberosServer `
        -Domain $domain `
        -UserPrincipalName $userPrincipalName `
        -DomainCredential $domainCred `
        -RotateServerKey `
        -ErrorAction Stop
    Write-Host "Kerberos key rotation completed successfully!" -ForegroundColor Green
}
catch {
    Write-Error "Kerberos key rotation failed: $_"
    exit 1
}