This is a Microsoft script and is maintained at the following GitHub repository: https://github.com/microsoft/New-KrbtgtKeys.ps1
This script will enable you to: (1) perform a single reset of the krbtgt account password hash and related keys (it can be run multiple times for subsequent resets), (2) immediately replicate the krbtgt account and its new keys to all writable DCs in the domain, and (3) validate that all writable DCs in the domain have successfully replicated the new keys, so they can decrypt any TGTs that are presented by clients and were encrypted with the new key(s). These capabilities help to perform the reset in a manner which minimizes the likelihood of Kerberos authentication issues due to the operation.
The script is designed to be self-documenting and includes an interactive menu and screen output that will guide you through its execution. Because it requires user input to select the execution mode and confirm before any changes are made, it is safe to begin by simply executing the script and reading the guidance throughout.
This document is a supplemental guide to the interactive krbtgt reset script (New-KrbtgtKeys.ps1). This guide describes the operating modes of the script and how to execute each of them.
Guide to Running New-CtmADKrbtgtKeys.docx
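To independently confirm point (3) above, the following read-only check compares the krbtgt password timestamp and key version number on every writable DC. It is an added example, not part of the Microsoft script; it assumes the ActiveDirectory RSAT module is installed and the caller can read the krbtgt account, and the function name `Get-KrbtgtKeyState` is hypothetical.

```powershell
# Added example: read-only, makes no changes to the directory.
# Assumes the ActiveDirectory RSAT module and read access to the krbtgt account.
Import-Module ActiveDirectory

function Get-KrbtgtKeyState {
    [CmdletBinding()]
    param(
        [string]$Domain = (Get-ADDomain).DNSRoot
    )
    # RODCs use their own krbtgt_<id> accounts, so only writable DCs are queried.
    $dcs = Get-ADDomainController -Filter 'IsReadOnly -eq $false' -Server $Domain
    foreach ($dc in $dcs) {
        try {
            # Query each DC directly so we see its local replica, not one DC's view.
            $k = Get-ADUser -Identity krbtgt -Server $dc.HostName `
                -Properties pwdLastSet, 'msDS-KeyVersionNumber' -ErrorAction Stop
            [pscustomobject]@{
                DC              = $dc.HostName
                Reachable       = $true
                PasswordLastSet = [DateTime]::FromFileTimeUtc($k.pwdLastSet)
                KeyVersion      = $k.'msDS-KeyVersionNumber'
            }
        } catch {
            # A DC that cannot be queried cannot be confirmed as holding the new keys.
            [pscustomobject]@{
                DC              = $dc.HostName
                Reachable       = $false
                PasswordLastSet = $null
                KeyVersion      = $null
            }
        }
    }
}

$state = @(Get-KrbtgtKeyState)
$state | Sort-Object DC | Format-Table -AutoSize

$unreachable = @($state | Where-Object { -not $_.Reachable })
$versions    = @($state | Where-Object { $_.Reachable } |
                 Group-Object -Property PasswordLastSet, KeyVersion)

if ($unreachable.Count -gt 0) {
    Write-Warning ("Could not query: " + ($unreachable.DC -join ', '))
}
if ($versions.Count -gt 1) {
    Write-Warning "Writable DCs disagree on the krbtgt keys; replication is not complete."
} elseif ($versions.Count -eq 1 -and $unreachable.Count -eq 0) {
    Write-Output "All writable DCs report the same krbtgt password timestamp and key version."
}
```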