This article explains how to fix the “Target account name is incorrect” error you are getting on your domain controllers. This usually stems from a system administrator doing a snapshot revert on the Domain Controller which messes up the KDC service and domain replication. It also can happen if you had a DC offline for a long time 30+ days.
- Stop and disable the Key Distribution Center (KDC) service on the troubled domain controller
net stop kdc sc config "kdc" start= disabled
Please Note: space is REQUIRED after start=
Alternatively, you can do this from the Services Panel
Purge the ticket cache on the local domain controller.
_Note: you can use
klist ticketsto view tickets before purging them
Afterward, Reboot Troubled Domain Controller
Reset the troubled domain controller’s account password to the primary domain controller (PDC) emulator master using netdom /resetpwd. Find PDC using: netdom query fsmo
netdom /RESETPWD /s:pdcserver.domain.local /ud:domain\Administrator /pd:*
Synchronize the domain directory partition of the replication partner with the PDC emulator master
Once more, Reboot the Troubled DC and start and enable the KDC on the local domain controller:
sc config "kdc" start= auto net start KDC
Typically I wait about 5-10 minutes after this and start doing checks to see if it is now replicating properly. You can also force a replicate using repadmin /replicate but usually not necessary. In the end, make sure you check to make you aren’t getting the “Target account name is incorrect” error anymore.
I live stream on Twitch and encourage you to drop in and ask a question. I regularly publish on YouTube and christitus.com, but if you need immediate assistance, check out the Terminal Cafe with Discord Invite Link.