{"id":9129,"date":"2025-08-14T03:05:16","date_gmt":"2025-08-14T03:05:16","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=9129"},"modified":"2025-12-03T00:58:04","modified_gmt":"2025-12-03T00:58:04","slug":"reset-the-krbtgt-password","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/reset-the-krbtgt-password","title":{"rendered":"Reset the krbtgt and krbtgt_AzureAD password"},"content":{"rendered":"\n<p><strong>krbtgt <\/strong><\/p>\n\n\n\n<p>Use this Script <a href=\"https:\/\/github.com\/microsoftarchive\/New-KrbtgtKeys.ps1\/blob\/master\/New-KrbtgtKeys.ps1\">https:\/\/github.com\/microsoftarchive\/New-KrbtgtKeys.ps1\/blob\/master\/New-KrbtgtKeys.ps1<\/a><\/p>\n\n\n\n<p>Reset to random password ( doesn&#8217;t matter as it will reset by itself ) <\/p>\n\n\n\n<p>Wait 10 hours then reset again<\/p>\n\n\n\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/windows-server\/identity\/ad-ds\/manage\/forest-recovery-guide\/ad-forest-recovery-reset-the-krbtgt-password\">AD Forest Recovery &#8211; Reset the krbtgt password | Microsoft Learn<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>krbtgt_AzureAD<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\"># Enable Global Administrator to rotate the Kerberos server key\n# Requires PowerShell 5.1 or later\n\n# Automatically install the AzureADHybridAuthenticationManagement module if not already installed\nif (-not (Get-Module -ListAvailable -Name AzureADHybridAuthenticationManagement)) {\n    Write-Host \"AzureADHybridAuthenticationManagement module not found. Installing...\" -ForegroundColor Yellow\n    Install-Module -Name AzureADHybridAuthenticationManagement -Scope CurrentUser -Force -AllowClobber\n}\n\n# Import the module\nImport-Module AzureADHybridAuthenticationManagement -Force\n\n# Get the current on-premises Active Directory domain\n$domain = $env:USERDNSDOMAIN\n\nif (-not $domain) {\n    Write-Error \"Could not detect domain. Are you running this on a domain-joined machine?\"\n    exit\n}\n\n# Prompt for Domain Administrator credentials\nWrite-Host \"Please enter Domain Administrator credentials for $domain\" -ForegroundColor Cyan\n$domainCred = Get-Credential -Message \"Domain Administrator credentials\"\n\n# Specify the Global Administrator UPN (replace with your actual admin)\n$userPrincipalName = \"globaladmin@yourdomain.com\"  # &lt;&lt;&lt; CHANGE THIS >>>\n\n# Rotate the Kerberos server key\nWrite-Host \"Rotating Kerberos server key for domain: $domain\" -ForegroundColor Green\nSet-AzureADKerberosServer `\n    -Domain $domain `\n    -UserPrincipalName $userPrincipalName `\n    -DomainCredential $domainCred `\n    -RotateServerKey\n\nWrite-Host \"Kerberos key rotation completed successfully!\" -ForegroundColor Green\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>krbtgt Use this Script https:\/\/github.com\/microsoftarchive\/New-KrbtgtKeys.ps1\/blob\/master\/New-KrbtgtKeys.ps1 Reset to random password ( doesn&#8217;t matter as it will reset by itself ) Wait 10 hours then reset again AD Forest [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9129","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=9129"}],"version-history":[{"count":5,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9129\/revisions"}],"predecessor-version":[{"id":9390,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9129\/revisions\/9390"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=9129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=9129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=9129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}