This article explains how to fix the “Target account name is incorrect” error you are getting on your domain controllers. This usually stems from a system administrator doing a snapshot revert on the Domain Controller which messes up the KDC service and domain replication. It also can happen if you had a DC offline for a long time 30+ days.
- Stop and disable the Key Distribution Center (KDC) service on the troubled domain controller
net stop kdc
sc config "kdc" start= disabled
Please Note: space is REQUIRED after start=
Alternatively, you can do this from the Services Panel
- Purge the ticket cache on the local domain controller.
note: you can use ‘klist tickets’ to view tickets before purging them
- Afterward, Reboot Troubled Domain Controller
- Reset the troubled domain controller’s account password to the primary domain controller (PDC) emulator master using netdom /resetpwd. Find PDC using: netdom query fsmo
netdom /RESETPWD /s:pdcserver.domain.local /ud:domain\Administrator /pd:*
- Synchronize the domain directory partition of the replication partner with the PDC emulator master
- Once more, Reboot the Troubled DC and start and enable the KDC on the local domain controller:
sc config "kdc" start= auto
net start KDC
Typically I wait about 5-10 minutes after this and start doing checks to see if it is now replicating properly. You can also force a replicate using repadmin /replicate but usually not necessary. In the end, make sure you check to make you aren’t getting the “Target account name is incorrect” error anymore.
Leave any Questions and Comments below and I will get back to you. I regularly publish on YouTube, Steemit, and christitus.com so if you’d like to see more videos and articles click the subscribe button in the top right.