How to Reset Local Administrator Password on Server
-
@shybrsky
Can you paste snapshots of the errors or problems? If you need to past 10 snapshots then do so. What exactly is the "Big issue"? -
I've reset a lost domain administrator account before. Here is what I did.
- Used Offline Password and Registry boot utility, reset the administrator password (This is the Directory Services Restore Mode password)
- Once booted in directory services restore mode I created a script that launched at startup that ran as the system account the script ran the "net user" command to reset the domain administrator password.
- Rebooted the server into normal mode, the script ran when the computer started up and I was able to use the password I set in the script. Then I made sure to remove the script from startup.
-
@shybrsky said:
#local admin on dc = did u mean administrator domain?
#DC ( domain controller server) or another server that joined to the domain
#demote = did u mean unjoin server then rejoin?No traditional local admin account on a Domain Controller (DC)
- so there is no server\administrator account
You cannot take a DC off the domain without FIRST demoting it.
This is a LAST RESORT.@brianlittlejohn seems to be onto something. Try that next.
-
Also came across this... cant vouch if it works or not...
http://www.bursky.net/index.php/2012/04/reset-domain-administrator-password-windows-server-2008/
-
-
@brianlittlejohn said:
Also came across this... cant vouch if it works or not...
http://www.bursky.net/index.php/2012/04/reset-domain-administrator-password-windows-server-2008/
I have used this method in the past - it does work, or at least did for me on 2008 (R2)
-
@brianlittlejohn
I have done this on workstation multiple time and yes it works.
I cannot say the same thing for DC as I have not try it yet. -
@brianlittlejohn said:
I've reselocalost domain administrator account before. Here is what I did.
- Used Offline Password and Registry boot utility, reset the administrator password (This is the Directory Services Restore Mode password)
- Once booted in directory services restore mode I created a script that launched at startup that ran as the system account the script ran the "net user" command to reset the domain administrator password.
- Rebooted the server into normal mode, the script ran when the computer started up and I was able to use the password I set in the script. Then I made sure to remove the script from startup.
#password of administrator domain is normal like other day
#its not administrator domain but local server administrator passwordbefore, i dont need to login as administrator local to gain any access of all my server, but now it different.. force me to set manually administrator domain to be member of rdp user on each server i want to remote.. without administrator local, server said "not authorize"
look like something missing.. some puzzel or goes away..
-
@Dashrender said:
@brianlittlejohn said:
Also came across this... cant vouch if it works or not...
http://www.bursky.net/index.php/2012/04/reset-domain-administrator-password-windows-server-2008/
I have used this method in the past - it does work, or at least did for me on 2008 (R2)
ill try tomorrow...
-
@LAH3385 said:
@brianlittlejohn
I have done this on workstation multiple time and yes it works.
I cannot say the same thing for DC as I have not try it yet.noted, ill try soon
-
@shybrsky
can you paste some screenshots of the error or steps you taken when you try to remote in? The more the better. (please don't post anything security sensitive opened in the background). -
Are you sure your profile for the domain admin user is just not corrupted?
Is this the only DC for this domain?
If so, this is a prime example of why you need more than 1.
If not, does this occur on other servers/systems when trying to login with the same account? -
@LAH3385 said:
@shybrsky
can you paste some screenshots of the error or steps you taken when you try to remote in? The more the better. (please don't post anything security sensitive opened in the background).
#(please don't post anything security sensitive opened in the background). what do u mean ??
-
@wrx7m said:
Are you sure your profile for the domain admin user is just not corrupted?
Is this the only DC for this domain?
If so, this is a prime example of why you need more than 1.
If not, does this occur on other servers/systems when trying to login with the same account?#how to check it user corrupted ??
#i think DC are seem bit strange ... administrator domain user mean nothing on client PC or other servers. force me to set on user account to assign administrator domain get local authority on each server -
@shybrsky Looks like it is domain-wide (not just that server). Have you tried logging in directly (in front of the server) or with iDRAC/iLO?
-
-
@shybrsky said:
@LAH3385 said:
@shybrsky
can you paste some screenshots of the error or steps you taken when you try to remote in? The more the better. (please don't post anything security sensitive opened in the background).#(please don't post anything security sensitive opened in the background). what do u mean ??
This is what I replicated. Are you sure that your user is allowed to be remote in on the machine?
You mentioned that something happened is it possible that whatever happens knock the user rights out.
Can you post (if possible) the remote user rights?
-
@LAH3385 said:
@shybrsky said:
@LAH3385 said:
@shybrsky
can you paste some screenshots of the error or steps you taken when you try to remote in? The more the better. (please don't post anything security sensitive opened in the background).#(please don't post anything security sensitive opened in the background). what do u mean ??
This is what I replicated. Are you sure that your user is allowed to be remote in on the machine?
You mentioned that something happened is it possible that whatever happens knock the user rights out.
Can you post (if possible) the remote user rights?
sorry for late respond,,,
just added some user to gain access to remote desktop ..before i add, there only administrator local
maybe ,that the problemi dont figured out yet, how administrator domain knocked out
-
@shybrsky
I would start with going through all the security groups member/member of. We ran into similar problem before where certain admins lose their administrator rights. Turn out they didn't have the rights from the beginning as the member they were given, named admin, does not contain administrators group. They got their administrator rights through another group, named audit, which was removed for reasons. It was a mess for a day.To prevent this incident from happening again I would use GPO to give every machine within AD the rights for administrators group to gain remote access. In my environment we create a security group named remoteaccess for RDP
http://social.technet.microsoft.com/wiki/contents/articles/4980.how-to-enable-or-disable-remote-desktop-via-group-policy-windows-2008.aspx -
@LAH3385 said:
@shybrsky
I would start with going through all the security groups member/member of. We ran into similar problem before where certain admins lose their administrator rights. Turn out they didn't have the rights from the beginning as the member they were given, named admin, does not contain administrators group. They got their administrator rights through another group, named audit, which was removed for reasons. It was a mess for a day.To prevent this incident from happening again I would use GPO to give every machine within AD the rights for administrators group to gain remote access. In my environment we create a security group named remoteaccess for RDP
http://social.technet.microsoft.com/wiki/contents/articles/4980.how-to-enable-or-disable-remote-desktop-via-group-policy-windows-2008.aspxmmm... thanks bud, will check on monday.. really appreciate it
