Trust relationship error in Active Directory

New configuration (How To)

Situation

Solution

1. Check basic network connectivity

  • Ping the domain controller:
    ping domain_controller_name

  • Make sure the DNS server is pointing to your internal AD DNS.
    If not, update it:
    Control Panel > Network > Adapter Settings > IPv4 > Set DNS to your DC's IP

2. Restore trust between the PC and the domain

Method A (recommended – rejoin the domain):
Note: You need a domain admin account.

  1. Log out the user and log in with a local admin account (e.g., .\Administrator)

  2. Open System Properties > Computer Name tab > click Change

  3. Select Workgroup, enter anything (e.g., TEMP), and confirm

  4. Restart the PC

  5. Repeat the steps, but now select Domain and enter your domain name

  6. Provide domain admin credentials when prompted

  7. Restart again

Method B (PowerShell – without rejoining):
Works only if the computer can still communicate with the DC and you have permissions

  • Enter a domain admin account

  • If it returns True, the trust relationship is successfully repaired

3. Check the Event Viewer

  • Open Event Viewer > System or Security

  • Look for logon failure events (e.g., Event ID 4625, 5722, etc.)

  • These can help diagnose whether it’s a network, credential, or trust issue

4. Sync time (critical for AD authentication)

  • A significant time difference can cause authentication to fail


or force sync:

Pro tip:
Run nltest /sc_verify:domain.local to test the secure channel between the client and domain controller.
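
Steps 1 to 4 combined into one script, as an added example that is not part of the original article. It assumes an elevated Windows PowerShell 5.1 session on the affected PC, and domain.local is the placeholder domain name from the Pro tip.

```powershell
# Added example. Run in an elevated Windows PowerShell 5.1 session on the affected PC.
# 'domain.local' is the placeholder domain name from the Pro tip; replace it with yours.
param([string]$Domain = 'domain.local')

# Step 1: the client must find a DC through the internal AD DNS and be able to reach it.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object QueryType -eq 'SRV' | Select-Object -First 1
if (-not $srv) {
    Write-Warning "No DC locator record for $Domain. Check that the adapter's DNS points to the DC."
    return
}
$dc = $srv.NameTarget
if (-not (Test-Connection -ComputerName $dc -Count 2 -Quiet)) {
    Write-Warning "$dc does not answer ping. Fix connectivity before touching the trust."
    return
}

# Step 4 comes before the repair: Kerberos rejects clients whose clock is too far off
# (5 minutes by default), so show the offset against the DC and resync first.
w32tm /stripchart "/computer:$dc" /samples:1 /dataonly
w32tm /resync

# Step 2, Method B: test the secure channel and repair it only if it is broken.
if (Test-ComputerSecureChannel -Server $dc) {
    'Secure channel is healthy; the logon problem lies elsewhere.'
} else {
    # Get-Credential prompts interactively, so the domain admin password never lands
    # in the script or in command history.
    $repaired = Test-ComputerSecureChannel -Repair -Server $dc -Credential (Get-Credential)
    if ($repaired) { 'Trust relationship repaired.' }
    else { Write-Warning 'Repair failed. Fall back to Method A (rejoin the domain).' }
}
nltest "/sc_verify:$Domain"

# Step 3: recent failed logons (4625, Security log) and Netlogon errors (5722, System log).
$since = (Get-Date).AddHours(-24)
foreach ($f in @{LogName='Security'; Id=4625}, @{LogName='System'; Id=5722}) {
    $f.StartTime = $since
    Get-WinEvent -FilterHashtable $f -MaxEvents 5 -ErrorAction SilentlyContinue |
        Format-Table TimeCreated, Id, ProviderName -AutoSize
}
```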

Solution type

Permanent
