Repairing the Domain Trust Relationship

If a computer is restored from an old restore point or a snapshot that was created before the computer's password was changed in AD, the machine password held in the restored image no longer matches the password stored on the AD computer object.

When the trust relationship between a workstation and the Active Directory domain is broken, you will encounter errors such as:

The trust relationship between this workstation and the primary domain failed.

or

The security database on the server does not have a computer account for this workstation trust relationship.

To restore trust between the machine and the domain, you must log on to the computer locally using an account with local administrator privileges. Open an elevated terminal session and check whether you still have a valid trust relationship with the AD domain with the following PowerShell command:

Test-ComputerSecureChannel -Verbose

If the result is something like

VERBOSE: The secure channel between the local computer and the domain <DOMAIN> is broken.

You can fix it by running the repair command:

Test-ComputerSecureChannel -Repair -Credential <DOMAIN>\<ADMINUSER> -Verbose

The result should look like this:

VERBOSE: The secure channel between the local computer and the domain <DOMAIN> was successfully repaired.

No reboot is needed, and the computer does not have to be removed from and re-added to AD.
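The two steps above (check, then repair with domain credentials) can be combined into one script that only attempts the repair when the secure channel is actually broken, prompts for the credentials instead of placing them on the command line, and re-checks the channel afterwards. This is an added example, not a script from the original post; the domain name and the admin user name are placeholders you must replace, and the script assumes it is run in an elevated PowerShell session on the affected computer while logged on as a local administrator.

```powershell
# Added example (not part of the original post): check the secure channel,
# repair it only if it is broken, then verify the result.
# Run from an elevated PowerShell session on the affected computer,
# logged on with a LOCAL administrator account.

$Domain    = 'CORP.EXAMPLE.COM'      # placeholder: your AD domain FQDN
$AdminUser = "$Domain\admin-user"    # placeholder: account permitted to reset the computer password

# Step 1: is the trust relationship currently healthy?
# Test-ComputerSecureChannel returns $true when the channel is intact, $false when it is broken.
$healthy = Test-ComputerSecureChannel -Verbose
if ($healthy) {
    Write-Host "Secure channel to $Domain is intact; nothing to repair."
    return
}

# Step 2: ask for the domain credentials interactively so no password ends up
# in the command history or in a script file.
$cred = Get-Credential -UserName $AdminUser -Message "Credentials used to repair the trust with $Domain"
if (-not $cred) {
    throw "No credentials supplied; aborting repair."
}

# Step 3: repair the secure channel in place. This resets the computer account
# password on both sides; no reboot and no removal from AD is required.
$repaired = Test-ComputerSecureChannel -Repair -Credential $cred -Verbose

# Step 4: verify the repair rather than trusting the return value alone.
$verified = Test-ComputerSecureChannel
$timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
if ($repaired -and $verified) {
    Write-Host "$timestamp  Secure channel to $Domain repaired and verified on $env:COMPUTERNAME."
} else {
    throw "$timestamp  Repair of the secure channel to $Domain failed on $env:COMPUTERNAME (repaired=$repaired, verified=$verified)."
}
```

The repair only succeeds when the computer object still exists in AD; if the second error message from above (no computer account for this workstation) is what you see, the object itself is missing and a password reset on the local side has nothing to synchronise with, so the script's final check will fail rather than report success.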
