something exciting

Some information about the exciting thing

Table of contents generated with markdown-toc


This is a Microsoft script and is maintained at at the following GitHub Repository -




This script will enable you to: (1) perform a single reset of the krbtgt account password hash and related keys (it can be run multiple times for subsequent resets), (2) immediately replicate the krbtgt account and its new keys to all writable DCs in the domain, and (3) validate that all writable DC’s in the domain have successfully replicated the new keys, so they can decrypt any TGTs that are presented by clients and were encrypted with the new key(s). These capabilities help to perform the reset in a manner which minimizes the likelihood of Kerberos authentication issues due to the operation.

The script is designed to be self-documenting and includes an interactive menu and screen output that will guide you through its execution. Because it requires user input to select the execution mode and confirm before any changes are made, it is safe to begin by simply executing the script and reading the guidance throughout.

Back to Top


This document is a supplemental guide to the interactive krbtgt reset script (New-KrbtgtKeys.ps1). This guide describes the operating modes of the script and how to execute each of them.

Guide to Running New-CtmADKrbtgtKeys.docx



I have used gist-it to display the files from my GitHub repository and embed it into the web page. This is very similar to GitHub Gists

Gist-it uses google-code-prettify for Syntax highlighting.

The view raw link at the bottom right of the script will take you to a raw text version of the script which you can copy and paste.

Report Issues

You can report an issue or contribute to this site on GitHub. Simply click the button below and add any relevant notes.


Back to Top