If you have problem with trust relationship for your member server or workstation.

Sometime your member server or workstation fails to re-sync Kerberos ticket and shows error for trust relationship :

In this case usually all admins adds this computer to workgroup (removing from AD domain) and re-adds it again to domain. For member servers it’s not always OK.

If you are provident enough you better predict a such scenario and add RSAT/Remote Server Administration Tools to your system image on WDS server, or just install it every time when you format and re-install OS. For member servers just enable RSAT feature, Domain Controllers already have it enabled. If the workstation/member server doesn’t have installed RSAT then you can take two files netdom.exe and netdom.exe.mui from other similar OS with installed RSAT and copy them into c:\windows\system32 and c:\windows\system32\en-us folder (for mui)

In this case you will be able to use netdom utility:

netdom.exe resetpwd /s:yourdomain-controller-name /ud:yourdomainname\adminaccountname /pd:youradminaccountpassword

So you will gain time – instead of two reboots – only one. Also it’s more clear way to fix the above problem not damaging for example SPNs/Service Principle Names.