Windows 10

Checking connectivity to Active Directory: Test-ComputerSecureChannel

It’s one of my favourite commands when it comes to troubleshooting Active Directory and network connectivity. Suppose the following. A user tries to log on to the domain. The login is successful. Shortly thereafter, the user reports that he cannot access the files on the fileserver, nor he can send e-mails.

The default Active Directory setting allows the login without a domain controller, but only if the user has already logged on to the computer. The password is then stored locally. So far so good, but how can we find out whether we are logged on locally or not?

Test-ComputerSecureChannel verifies the secure channel to the domain.



True … is in good condition … that sounds great.

If Test-ComputerSecureChannel returns False, check your connection. Afterwards try to repair the channel with the parameter -repair.

Test-ComputerSecureChannel -Repair -Verbose


You can also test the connectivity for remote hosts.

I am logged on server dc01. Can server03 reach its Domain Controller?

Invoke-Command -ComputerName server03 {Test-ComputerSecureChannel -verbose}


Yes, server03 can reach its Domain Controller.

Technet: Test-ComputerSecureChannel.

Related Links

For checking name resoultion and network connectivity see also: The new nslookup: Resolve-DnsName and The modern version of ping: Test-Connection.

5 replies »

  1. Cool trying to remotely fix client machines both w7 and w10 via powershell, or psexec ideally?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.