Using a VB script from the Microsoft Hey Scripting Guy site to add a domain user to a local administrators group:

strComputer = "."
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://adminsys/XTeam-wksadm")
On Error Resume Next

Doing this in a Windows XP Service Pack 3 environment. It works some but not all the time. On occasion I get the message "The trust relationship between this workstation and the primary domain failed."

Reading about this error online, people have said they've removed the PC from the domain then rejoined the domain, and that solves the issue.

However, all I've had to do is reboot the PC and rerun the script and it works.

I'd like to build in some error handling to the script, but am not quite sure of the underlying cause for the error. At first I suspected the registry key HKLM\System\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations, but that key has been populated with a value in only some of the instances.

So while a reboot solves the issue, I don't know WHY it solves the issue, and I'm not sure what I should add to my error handling code.

Has anyone else encountered this?
0 Comments   [ + ] Show Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.


I suspect it's related to machine account password-aging.

If the machine and domain haven't "agreed" to a password change for the machine's account (this normally happens if a machine has been disconnected from the domain longer than the specified number of days), AD effectively removes that machine from the domain. You can interrogate that directly in AD: the account has a property 'pwdLastSet'.
Answered 04/27/2011 by: VBScab
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity