Solved

Can't log in locally to 2003 server machine with AD...

Posted on 2004-09-02
19
365 Views
Last Modified: 2010-05-18
I have setup a Win 2003 server with AD. I want to log in to the machine locally but there is no option for that in the login dropdown. How can I set it to allow me this option?
0
Comment
Question by:Paul Montgomery
  • 5
  • 5
  • 3
  • +2
19 Comments
 
LVL 4

Accepted Solution

by:
ehammersley earned 250 total points
ID: 11964691
You don't.

A Windows 2003 Server w/ AD installed no longer contains a local security authority.  AD is that machines authority.  Member servers and workstations are the only ones you can login to locally.  In order to login to a AD machine you must possess credentials in the AD Domain.  The security of the domain being a key factor here because control of the domain controller should only be controlled by the domain itself.  If that makes any sense.
0
 

Author Comment

by:Paul Montgomery
ID: 11964748
What would happen if for example the nic went down on that machine and you needed to have access?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 11964768
You would "log in" to the domain with cached credentials, since no domain controller could be contacted...
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 4

Expert Comment

by:ehammersley
ID: 11964785
Wait... I understood your question to be that you wanted to login locally to a server that has AD installed.  In other words it's a domain controller, for lack of a better term.

If that is correct then it will authenicate the login against its own copy of the AD and doesn't need the network.
0
 

Author Comment

by:Paul Montgomery
ID: 11964818
If I try to do this it tells me "No domain controller could be found"
0
 

Author Comment

by:Paul Montgomery
ID: 11964874
ehammersley - yes that is correct
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 11965055
Try pulling out the network cable and logging in again...
0
 

Author Comment

by:Paul Montgomery
ID: 11965669
sirbounty - no go. The connection problem I can troubleshoot. My big problem is how to access the machine when it's telling me "No domain controller can be found" and there's no other choices for a login.
0
 
LVL 67

Assisted Solution

by:sirbounty
sirbounty earned 250 total points
ID: 11967744
Can you ping it remotely?
Can you boot up into safe mode?
Try connecting to the IPC$ share
From a remote system:
NET USE \\Server\IPC$ /user:DOMAIN\DOMAINADMIN PASSWORD
0
 

Author Comment

by:Paul Montgomery
ID: 11968179
So your basically telling me there's no way to get into my system locally if there's no network connection?
0
 
LVL 6

Expert Comment

by:Casca1
ID: 11970073
DSRestore mode. The equivalent of AD safemode. You can either get command prompt or GUI.
I think this is what you're asking for...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 11972798
Can you remove the network cable and reboot it remotely?

Shutdown \\myserver

(or get psshutdown from sysinternals.com)
If it doesn't 'see' a network, you should have the option to log on with cached credentials...
0
 

Expert Comment

by:fluidsmgmt
ID: 11973367
It sounds like to me your trying to log onto the server as a user that is not a domain admin.

You MUST use the domain Administrator account to log onto a DC, or at least a user that is in the domain admin group.

Non domain admins can not "Log on locally" to a domain controller.

What account are you using to log on?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 11973405
To add to that - server operator group members may also log in locally.
But honestly, I don't think you would recieve the "no domain controller" error  - you'd get the "user does not have the log on locally permission" error...
0
 

Expert Comment

by:fluidsmgmt
ID: 11973430
When you installed Active Directory, you should have been asked what you want the administrator password to be.

Login as administrator with that password.
0
 

Expert Comment

by:fluidsmgmt
ID: 11973491
SirBounty is correct.. but it doesn't sound like ANYTHING has been done in AD Users and Groups.  Logged in as normal local account - install AD, then reboot.

I agree the no domain controller error is interesting.

Makes me think that DNS was not also installed on the same box, and during AD install, you said don't install DNS.
0
 
LVL 6

Expert Comment

by:Casca1
ID: 11978444
Ya know, the DNS sounds right. What kind of DNS servers you using?
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn about cloud computing and its benefits for small business owners.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question