• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 13368
  • Last Modified:


After using dcpromo to downgrade from active directory server to stand alone, all accounts seems to be deleted, including the admin one; therefore I cannot login aymore. Probably a bug? There are a lot of problems mentionned on microsoft support site for non-domestic versions when uding dcpromo. Has anyone had the same trouble? If yes, tell me which version (UK, German, french, italian, spanish, etc...) and sp#. That was a problem in sp1, but is supposed to be corrected with sp2+...
2 Solutions
No, not deleted. Most of the accounts on the system when the computer was a Domain Controller were in Active Directory, not on the computer itself. Everyone of the accounts were 'deleted' in a sense that you can't access them from the machine, because it was demoted to where it cannot authenticate users anymore. It's just a normal client/server now. If you want to have all of those accounts active again, but don't want to make the computer a domain controller again, you're going to have to manually add all of the user accounts and passwords back into the machine but on the local level this time. It's a pain, but that's what has to be done.

when you demote a domain controller to a regular server, all domain related user accounts are deleted.  The administrator account is not deleted.  You just don't remember the password for it.  Remember when you did dcpromo to make it a domain controller, it asked you to enter an administrator password for the offline SAM.  Also when you demoted your domain controller, it also asked you to re-enter the password for the administrator account.
Is there another server acting as the DC??
If no then you have gotten rid of your domain and now have a server in a workgroup, which the user database is stored on the local pc of your workstations.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

During the dcpromo process you were prompted to give the local administrator a password. That is currently the only account present on this machine and thus the only one you can logon with. All the others are gone.

Above is based on this having been the only DC in the domain.
lesouefAuthor Commented:
thanks to you all. You are all correct except:
- the passwd used to demote does not work anymore.
- this server was active directory server also (the 1st non NT4 server here), so the AD accounts are effectively deleted, but I would have expected the admin one to remain untouched
- I do remember the local admin passwd, but is does not bloody work anymore!
You all witness the way it should work, and I believe it does most of the time...
The original idea to demote this server was to try to overcome a problem which was preventing from recuperating accounts from my NT4 domain using the migration tool which also reported my passwd to be wrong in the old domain though I could login as domain admin on both machines...
I am definitly convinced this is a buggy area as my machine has gone back to US keyboard also... may not be related... I'll let you know the final word anyway, but I may have to re-install...
at the logon prompt, type your admin password at the username box.  see if it's correct.  
lesouefAuthor Commented:
If yr idea is that I would be trapped by the keyboard layout, too late, I laso did a cut/paste from username box to passwd to "see" the entered passwd...
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,


- If you would like to close this question and have your points refunded, please post a question in community support area on http://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you      


Cleanup Volunteer

lesouefAuthor Commented:
I am OK to split points though nobody found the fix, but... there were no fix, it was definitly a bug.
I reinstalled that machine as stand alone machine, and postponed the active directory upgrade to my next server installation.
By that time, MS may have fixed it!
Sorry I forgot I had this question open, this happens when there is no more answer coming. I'll check if I have others, I swear it!
I would like to point out one thing that I did not see mentioned.  If the Adminstartor account (the default account setup for administrative access) had been renamed while the server was an AD conroller (ie. Administartor had been renamed to JoeBlow), the when you do a dcpromo downgrade to a member server the account is now named Administrator again.  You can not logon as JoeBlow.

I don't know if that would be the issue here, but I did not see it mentioned.
You could use a NT password Bootdisk to hack the password.  The utility, will allow you to boot the 2000 Server and change the adminstrative password.  It will allow you to see the Admin account name if you changed it and change the password.  It will also allow you to set a blank password.

It can be downloaded for free from the following website.  http://home.eunet.no/~pnordahl/ntpasswd/editor.html

lesouefAuthor Commented:
thanks for this late answer, that stuff is 2 years old. Since then, that server has been re-installed, I have left the company, etc...
Actually, I had not lost the passwd, the account had been disabled or erased, and it was not renamed for sure. I discovered later on (when hiring a MCSE guy, freshly trained) that what we were trying to do was not supported by the w2k installation at that time, but he learned this from the w2k3 AD migration notes! (and that was, installing AD on a w2k server with domain accounts recuperation from a 2nd NT4 server. On top, that server used to be a stand alone NT4 server upgraded to domain controller with DCpromote (excellent utility otherwise, but renames groups with english names on non english OSs, which may have disturbed AD migrations tools)

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now