This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.
MIT License
402
stars
89
forks
source link
test for temporary canary object always evaluates to true when running in mode 2 #13
when running the script in mode 2, the statement on line 785 will always evaluate to
$true
because both$objectOnTargetDCPwdLastSet
and$objectOnSourceOrgRWDCPwdLastSet
are uninitialized in this mode and are therefore both equal to$null
https://github.com/microsoft/New-KrbtgtKeys.ps1/blob/aaa1b322f3dd4478f733a01b37dd221c8ff1f8c0/New-KrbtgtKeys.ps1#L785the statement should evaluate to
$false
when$targetObjectToCheck
is$null
because it would mean that, for example,Get-ADObject
on lines 755 or 758 failed for some reason https://github.com/microsoft/New-KrbtgtKeys.ps1/blob/aaa1b322f3dd4478f733a01b37dd221c8ff1f8c0/New-KrbtgtKeys.ps1#L755