Via Intune fix – The trust relationship between this workstation and the primary domain failed

On the machine where the trust relationship is broken, log in with the last cached credentials while disconnected from the network; this should still be possible. The credentials are saved locally on that machine to avoid storing AD credentials in Intune.

  • Save the variables holding the account with permission to reset the computer password locally, using this script:

# Domain account allowed to reset the computer account password (placeholders)
$adminUsername = "xxxx\adjoinuser"
$adminPassword = "xxx"
#$cred = New-Object PSCredential $adminUsername, ($adminPassword | ConvertTo-SecureString -AsPlainText -Force)
# Folder that the Intune remediation script will read from later
New-Item -ItemType Directory c:\aaaa
# Export every variable starting with "admin" ($adminUsername, $adminPassword) to XML
Get-Variable admin* | Export-Clixml c:\aaaa\vars.xml
# To load them back later:
#Import-Clixml c:\aaaa\vars.xml | %{ Set-Variable $_.Name $_.Value }

  • Create the Intune script:

    • Detection script:

      exit 1

    • Remediation script:

      # Restore $adminUsername and $adminPassword saved earlier on the machine
      Import-Clixml c:\aaaa\vars.xml | %{ Set-Variable $_.Name $_.Value }
      #$adminUsername
      #$adminPassword
      $cred = New-Object PSCredential $adminUsername, ($adminPassword | ConvertTo-SecureString -AsPlainText -Force)
      # Reset the computer account password and re-establish the secure channel
      Test-ComputerSecureChannel -Repair -Credential $cred


  • Assign it to a group created for the affected machine name and/or the affected user name.
  • After Intune has run the script, the trust relationship should be repaired.
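As an added example (not the original post's scripts), a fuller version of the detection and remediation pair for the first approach: the detection runs the secure-channel test instead of always exiting 1, and the remediation checks the stored file, repairs the channel, verifies the result, and then deletes the file, because Export-Clixml writes plain [string] values in clear text (only SecureString and PSCredential values are DPAPI-protected). It assumes the same C:\aaaa\vars.xml path and variable names as above and that the remediation runs as SYSTEM with read access to that file; copy each part into its own Intune script.

```powershell
# ===== Detection script: exit 0 = compliant, exit 1 = run remediation =====
try {
    if (Test-ComputerSecureChannel -ErrorAction Stop) { exit 0 }
} catch {
    Write-Output "Secure channel check failed: $($_.Exception.Message)"
}
exit 1

# ===== Remediation script =====
$varsPath = 'C:\aaaa\vars.xml'   # same path as on the page (assumption)
if (-not (Test-Path $varsPath)) {
    Write-Output "No stored credentials at $varsPath, nothing to do"
    exit 1
}
# Restore $adminUsername / $adminPassword saved with Export-Clixml
Import-Clixml $varsPath | ForEach-Object { Set-Variable -Name $_.Name -Value $_.Value }
if (-not $adminUsername -or -not $adminPassword) {
    Write-Output "Stored variables incomplete"
    exit 1
}
$cred = New-Object System.Management.Automation.PSCredential (
    $adminUsername, (ConvertTo-SecureString $adminPassword -AsPlainText -Force))
$repaired = $false
try {
    # Resets the computer account password with the join account and rebuilds the channel
    $repaired = Test-ComputerSecureChannel -Repair -Credential $cred -ErrorAction Stop
} catch {
    Write-Output "Repair failed: $($_.Exception.Message)"
} finally {
    # The XML holds the join account's password in clear text, so remove it once used
    Remove-Item $varsPath -Force -ErrorAction SilentlyContinue
    Remove-Variable -Name adminPassword, cred -ErrorAction SilentlyContinue
}
if ($repaired) {
    Write-Output "Secure channel repaired"
    exit 0
}
Write-Output "Secure channel still broken"
exit 1
```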


Alternatively, everything can be done in the Intune script itself; the password is then stored in Intune, but no access to the affected machine is needed.

  • Remediation script:

# Domain account allowed to reset the computer account password (placeholders)
$adminUsername = "xxxx\adjoinuser"
$adminPassword = "xxx"
$cred = New-Object PSCredential $adminUsername, ($adminPassword | ConvertTo-SecureString -AsPlainText -Force)
# Reset the computer account password and re-establish the secure channel
Test-ComputerSecureChannel -Repair -Credential $cred