How to find if machine account password is updating on MCS VDA.
Article ID: CTX249832
Updated On:
Description
How to check if MCS is updating the machine account password on the VDA.
Instructions
Steps to check
- After the VM has been created and a machine password change event has occurred, verify the following.
- Check for the Netlogon event on the VDA to see whether the password was updated successfully.
- Download PSTools onto the VDA and extract the download to its own folder (PSTools can be downloaded from: https://learn.microsoft.com/en-us/sysinternals/downloads/psexec)
- Start an administrator-level command prompt session and use the cd command to navigate to the directory that you extracted PSTools to, then run the following command to start a system-level command prompt: PSEXEC -i -s cmd
- A new command prompt window will open
- Run Regedit from the new command prompt started in System context
- Navigate to this key HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\$MACHINE.ACC\CupdTime\default
- Note the HEX value in this key
- Take the HEX value that is listed in that registry key, split it in half (2 sets of 4 hex values), then reverse the order of the values within each half
- For example, if the key contains "FE 88 EF C6 49 C6 D0 01", the split/reversed format is: C6EF88FE 01D0C649
- Run the following command to convert the HEX values to a valid date (substitute your own hex value after /time): Nltest /time:C6EF88FE 01D0C649
- You should get a response similar to: c6ef88fe 01d0c649 = 7/24/2015 14:48:56
- In Active Directory, use an LDAP query to find the pwdLastSet attribute of the VDA's computer account object.
- Note the timestamp of the PasswordLastSet attribute.
- Verify the date/time present in AD and compare it with your Nltest output; they should match.
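The split/reverse step and the final comparison can also be scripted. The PowerShell below is an added example, not Citrix code: it treats the eight registry bytes as a little-endian 64-bit FILETIME, rebuilds the Nltest arguments, and compares the result in UTC with a raw pwdLastSet value. The function names, the ToleranceSeconds parameter and the two pwdLastSet numbers are assumptions constructed for illustration.

```powershell
# Added example. Sample inputs are the article's example bytes plus constructed
# pwdLastSet values; ToleranceSeconds is an assumption of this sketch.
function Convert-CupdTime {
    param([Parameter(Mandatory)][string]$Hex)    # bytes as Regedit shows them
    $tokens = @($Hex -split '[\s,]+' | Where-Object { $_ })
    if ($tokens.Count -ne 8) { throw "Expected 8 bytes, got $($tokens.Count)" }
    $bytes = [byte[]]($tokens | ForEach-Object { [Convert]::ToByte($_, 16) })

    # The value is a 64-bit FILETIME stored little-endian. Nltest /time takes
    # the low DWORD first, then the high DWORD: the "split and reverse" step.
    $low      = [BitConverter]::ToUInt32($bytes, 0)
    $high     = [BitConverter]::ToUInt32($bytes, 4)
    $fileTime = [BitConverter]::ToInt64($bytes, 0)
    [pscustomobject]@{
        NltestArgs = '{0:X8} {1:X8}' -f $low, $high
        FileTime   = $fileTime
        Utc        = [DateTime]::FromFileTimeUtc($fileTime)
    }
}

function Test-MachinePasswordTimestamp {
    param(
        [Parameter(Mandatory)][string]$CupdTimeHex,
        [Parameter(Mandatory)][long]$PwdLastSet,   # raw 64-bit pwdLastSet from AD
        [int]$ToleranceSeconds = 1
    )
    $vda   = Convert-CupdTime -Hex $CupdTimeHex
    $adUtc = [DateTime]::FromFileTimeUtc($PwdLastSet)
    # Compare in UTC so a time-zone difference between the VDA and the tool
    # used to read AD cannot look like a mismatch.
    $delta = ($vda.Utc - $adUtc).TotalSeconds
    [pscustomobject]@{
        NltestArgs   = $vda.NltestArgs
        VdaUtc       = $vda.Utc
        AdUtc        = $adUtc
        DeltaSeconds = [math]::Round($delta, 1)
        Match        = [math]::Abs($delta) -le $ToleranceSeconds
    }
}

$sample = 'FE 88 EF C6 49 C6 D0 01'               # example value from the article
# Constructed pwdLastSet equal to the sample: the timestamps agree.
Test-MachinePasswordTimestamp -CupdTimeHex $sample -PwdLastSet 130822409366243582
# Constructed pwdLastSet 30 days older: the VDA and AD disagree.
Test-MachinePasswordTimestamp -CupdTimeHex $sample -PwdLastSet 130796489366243582
```

The sample bytes decode to 19:48:56 UTC on 7/24/2015, so the 14:48:56 in the Nltest response above is that machine's local time; keep the time zone in mind when comparing against a value read from AD.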
Environment
This software application is provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that: (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the software application be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the software application.
Additional Information
NLtest reference: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731935(v=ws.11)
ADSI filter syntax to query objects in LDAP for Active Directory: https://learn.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax