0X00000A89

Fix 0X00000A89: Computer account not found on domain

Windows Errors Intermediate 👁 0 views 📅 May 26, 2026

This error shows when a computer tries to connect to a domain resource but the domain controller can't find its account. The fix is to reset the computer account.

You're sitting at a Windows 10 or 11 machine, and you try to access a shared drive, a printer, or maybe you're running a remote management tool. Instead of getting in, you see this: "The specified computer account could not be found. Contact your system administrator." The exact error code is 0X00000A89, and the system message calls it NERR_ComputerAccountNotFound.

This usually happens after a domain controller was restored from backup, or after a computer's account got deleted from Active Directory by accident. Sometimes it happens after a big Windows update that changes the machine's security identifier (SID). The domain controller looks up the computer's account, but it's either missing or the password hash doesn't match.

Root cause

The computer has a secret password that it shares with the domain controller. Every 30 days, that password changes automatically. If the computer's account is deleted from Active Directory, or if the password gets out of sync, the domain controller tells the computer "I don't have an account for you." That's error 0X00000A89.

What you'll need

  • Domain admin credentials, or at least the built-in local Administrator password on the machine.
  • Physical or remote access to the computer showing the error.
  • About 10 minutes.

Step-by-step fix

Step 1: Check if the computer account exists in Active Directory

Log into a domain controller or any machine with Active Directory Users and Computers installed.

  1. Open Active Directory Users and Computers.
  2. Find the correct OU (Organizational Unit) for the computer. If you're not sure, right-click the domain name and choose Find. Type the computer's name.
  3. If the computer shows up, right-click it and choose Properties. Look at the Operating System tab — make sure it matches the machine you're working on.
  4. If the computer doesn't show up, skip to Step 4 — you'll need to rejoin the domain.

Step 2: Reset the computer account from the server side

This is the cleanest way to fix a password mismatch without touching the client machine.

  1. In Active Directory Users and Computers, right-click the computer object and choose Reset Account.
  2. Click Yes when it asks for confirmation.
  3. You should see a message saying the account was reset. It's that simple.

After resetting, the domain controller generates a new password for that computer. But the client machine still has the old one. So you need to force the client to sync.

Step 3: Force the client to re-sync the password

On the problematic computer:

  1. Open a command prompt as Administrator. Press the Windows key, type cmd, right-click Command Prompt, and choose Run as administrator.
  2. Run this command:
    netdom resetpwd /s:<domaincontroller> /ud:<domain>\<admin> /pd:*
    Replace <domaincontroller> with the name of your domain controller (e.g., DC01). Replace <domain>\<admin> with your domain and admin username (e.g., CORP\jsmith).
  3. It will ask for the admin password. Type it and press Enter.
  4. You should see: The password has been set successfully.

After that, reboot the computer. Try the action that caused the error. It should work now.

Step 4: If the account is missing — rejoin the domain

If the computer account was deleted from Active Directory, you have to remove the machine from the domain and rejoin it.

  1. Log in with the local Administrator account. Not a domain account — that won't work because the domain controller doesn't know this machine anymore.
  2. Go to Settings > Accounts > Access work or school.
  3. Click Disconnect next to the domain connection. It will ask for confirmation. Yes, you want to leave the domain.
  4. Reboot the machine. It's now in a workgroup.
  5. Go back to Settings > Accounts > Access work or school, click Connect, and choose Join this device to a local Active Directory domain.
  6. Enter the domain name. Provide domain admin credentials when prompted.
  7. Reboot again.

After this, the domain controller creates a fresh computer account. The error should disappear.

If it still fails

Sometimes the problem is DNS. The computer can't find the domain controller. Run nslookup yourdomain.com from the command prompt and see if it returns an IP address. If not, check that the network adapter's DNS points to the domain controller. Also make sure the computer's time is within 5 minutes of the domain controller's time — Kerberos won't work otherwise.

Another thing: check if the machine's secure channel is broken. Run this in an admin command prompt:

nltest /sc_query:yourdomain.com

If it says ERROR: No Logon Servers or Status = 5 0x5 ERROR_ACCESS_DENIED, then the secure channel is toast. The netdom resetpwd command from Step 3 is your best bet there.

One last thing — if you're on a VPN, disconnect and try from the local network. VPNs can sometimes interfere with domain authentication. I've seen it happen more than a few times.

Was this solution helpful?

0X00000A89 computer account not found NERR_ComputerAccountNotFound domain join error reset computer account Windows domain error computer account missing domain controller Active Directory Netlogon error fix 0x00000a89