Hi there,
I've been trying to track down some trust issues in our server 2008 domain consisting of 9 sites & 12 AD servers. Most of them have been duplicate machine name issues, or individual networking problems on the client machines themselves - but during my troubleshooting I've noticed something strange. When using nltest to determine the cdigest and sdigest of any domain member, the "old" password is identical on our domain controllers.
From a workstation:
C:\>nltest /cdigest:tecnet /domain:mydomain.local
Account RID: 0x3f9f
New digest: df ef aa 9f d3 13 a0 01 78 2c 6e ce 7d b9 16 62 ????????
Old digest: 83 0a 4f bc 57 04 39 81 3c 0d 31 d5 5d ea 8a 7e ????????
The command completed successfully
From domain controller:
C:\>nltest /sdigest:tecnet /RID:0x3f9fAccount RID: 0x3f9f
New digest: df ef aa 9f d3 13 a0 01 78 2c 6e ce 7d b9 16 62 ?????????♂
Old digest: df ef aa 9f d3 13 a0 01 78 2c 6e ce 7d b9 16 62 ?????????♂
The command completed successfully
I've researched this problem and can't seem to find any applied policies that control this - any help would be appreciated. Thanks!