“Target account name is incorrect” Domain Controller Error

“Target account name is incorrect” Domain Controller Error
Share on:

This article explains how to fix the “Target account name is incorrect” error you are getting on your domain controllers. This usually stems from a system administrator doing a snapshot revert on the Domain Controller which messes up the KDC service and domain replication. It also can happen if you had a DC offline for a long time 30+ days.

Commands

  • Stop and disable the Key Distribution Center (KDC) service on the troubled domain controller
net stop kdc
sc config "kdc" start= disabled

Please Note: space is REQUIRED after start=
Alternatively, you can do this from the Services Panel

  • Purge the ticket cache on the local domain controller. klist purge
    _Note: you can use klist tickets to view tickets before purging them

    • Afterward, Reboot Troubled Domain Controller

    • Reset the troubled domain controller’s account password to the primary domain controller (PDC) emulator master using netdom /resetpwd. Find PDC using: netdom query fsmo

      • netdom /RESETPWD /s:pdcserver.domain.local /ud:domain\Administrator /pd:*
    • Synchronize the domain directory partition of the replication partner with the PDC emulator master

      • repadmin /kcc
    • Once more, Reboot the Troubled DC and start and enable the KDC on the local domain controller:

sc config "kdc" start= auto
net start KDC

Typically I wait about 5-10 minutes after this and start doing checks to see if it is now replicating properly. You can also force a replicate using repadmin /replicate but usually not necessary. In the end, make sure you check to make you aren’t getting the “Target account name is incorrect” error anymore.

I live stream on Twitch and encourage you to drop in and ask a question. I regularly publish on YouTube and christitus.com, but if you need immediate assistance, check out our discord channel at Chris Titus Tech Discord.