I recently had a problem with a client's Active Directory.


Two Active Directory sites were unable to connect for a few days, and in the meantime the domain controllers changed their computer account passwords (see Murphy's Law).

When the network came back, the Active Directory replication tools gave the following error:


DCDIAG reports that the Active Directory Replications test has failed with error -2146893022: "The target principal name is incorrect."

This pointed me towards this Microsoft KB:



After checking all the information, here is what I did:


The "netdom resetpwd /server:<DC to direct password change to> /userd:<user name> /passwordd:<password>" command, executed from an admin-privileged CMD prompt on the console of the DC needing a password reset, can be used to reset DC machine account passwords.


This command must be executed on the DCs in both sites, each towards the other: DC1SiteA towards DC1SiteB, and DC1SiteB towards DC1SiteA.

After cascading reboots, replication started again correctly!
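
The procedure above as a script, added here as an example and not part of the original write-up. The function names and the CONTOSO\admin account are hypothetical; DC1SiteA and DC1SiteB are the DC names used above. It passes /passwordd:* so that netdom prompts for the password instead of leaving it in command history or process command-line logs.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the console of the DC whose machine account password must be reset.

function Reset-DcMachinePassword {
    param(
        # DC in the other site that receives the password change,
        # e.g. DC1SiteB when this runs on DC1SiteA.
        [Parameter(Mandatory)] [string] $PartnerDC,
        # Domain admin account, e.g. CONTOSO\admin (constructed placeholder).
        [Parameter(Mandatory)] [string] $AdminUser
    )

    # "*" makes netdom prompt interactively for the password.
    & netdom.exe resetpwd "/server:$PartnerDC" "/userd:$AdminUser" "/passwordd:*"
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd against $PartnerDC failed (exit code $LASTEXITCODE)"
    }
    Write-Host "Machine account password reset via $PartnerDC. Reboot this DC before testing replication."
}

function Test-DcReplication {
    # Run after the reboots: repeats the DCDIAG test that originally failed
    # and prints per-partner replication status for review.
    & dcdiag.exe /test:replications
    & repadmin.exe /showrepl
}

# On DC1SiteA:
#   Reset-DcMachinePassword -PartnerDC DC1SiteB -AdminUser 'CONTOSO\admin'
# On DC1SiteB:
#   Reset-DcMachinePassword -PartnerDC DC1SiteA -AdminUser 'CONTOSO\admin'
# After the reboots, on each DC:
#   Test-DcReplication
```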