Wednesday 20 July 2011

Computer Account Password Reset process

This succinctly sums up the process.
Note that resetting a computer account password is a client-initiated process, so clients that are turned off for months will still authenticate: they only change the old password when they come back online.
It is also worth noting that, before changing the password locally, clients ensure that a valid secure channel exists, so lack of connectivity should not cause a password mismatch.
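
A read-only check of the state described above, for a domain-joined client (an added example, not part of the original post). The function name and state labels are hypothetical; the Netlogon values `MaximumPasswordAge` (30 days when unset) and `DisablePasswordChange` are standard Windows settings that the post itself does not mention.

```powershell
# Added example: classify a machine-account password state. Read-only.
function Get-MachinePasswordState {
    param(
        [datetime]$PasswordLastSetUtc,  # pwdLastSet of the computer object in AD
        [int]$MaximumPasswordAgeDays,   # Netlogon MaximumPasswordAge
        [bool]$ChangeDisabled,          # Netlogon DisablePasswordChange = 1
        [bool]$SecureChannelOk,         # result of Test-ComputerSecureChannel
        [datetime]$NowUtc = [datetime]::UtcNow
    )
    $ageDays = [math]::Floor(($NowUtc - $PasswordLastSetUtc).TotalDays)
    $state =
        if (-not $SecureChannelOk) { 'SecureChannelBroken' }  # no change is attempted without a valid channel
        elseif ($ChangeDisabled)   { 'ChangeDisabled' }       # client never initiates a change
        elseif ($ageDays -gt $MaximumPasswordAgeDays) { 'Overdue' }  # client changes it when it next can
        else                       { 'Current' }
    New-Object PSObject -Property @{ AgeDays = $ageDays; State = $state }
}

# Constructed sample: a client that was powered off for 120 days and has just
# come back with a working secure channel. An old password alone is not a fault.
$now = [datetime]::UtcNow
Get-MachinePasswordState -PasswordLastSetUtc $now.AddDays(-120) `
    -MaximumPasswordAgeDays 30 -ChangeDisabled $false -SecureChannelOk $true -NowUtc $now

# Live values for the local machine (requires domain membership).
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$parms = Get-ItemProperty -Path $key
$maxAge = if ($null -ne $parms.MaximumPasswordAge) { $parms.MaximumPasswordAge } else { 30 }
$disabled = ($parms.DisablePasswordChange -eq 1)

# Look up this computer's own account; sAMAccountName is the host name plus '$'.
$searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
$entry    = $searcher.FindOne()
$lastSet  = [datetime]::FromFileTimeUtc([int64]$entry.Properties['pwdlastset'][0])

Get-MachinePasswordState -PasswordLastSetUtc $lastSet -MaximumPasswordAgeDays $maxAge `
    -ChangeDisabled $disabled -SecureChannelOk (Test-ComputerSecureChannel)
```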

Wednesday 6 July 2011

Connecting to DNS on Server 2008 R2 from older OSes

Server 2008 R2 implements RPC integrity. This is not supported in the W2K and W2K3 versions of DNSMGMT.msc or DNSCMD.exe. See
http://technet.microsoft.com/en-us/library/ee649281(WS.10).aspx
which suggests that W2K8R2 machines can only be managed from the same OS, and that older OSes can only manage W2K3 machines.
Which is a pain.

I understand the following would "fix" Server 2008 R2, but by running this you are effectively exposing DNS to man-in-the-middle attacks:
dnscmd.exe /Config /RpcProtocol 7
dnscmd.exe /Config /RpcAuthLevel 0 
I have not attempted this to be able to confirm that it works.