Solved

Can't log in locally to 2003 server machine with AD...

Posted on 2004-09-02
19
358 Views
Last Modified: 2010-05-18
I have setup a Win 2003 server with AD. I want to log in to the machine locally but there is no option for that in the login dropdown. How can I set it to allow me this option?
0
Comment
Question by:Paul Montgomery
  • 5
  • 5
  • 3
  • +2
19 Comments
 
LVL 4

Accepted Solution

by:
ehammersley earned 250 total points
ID: 11964691
You don't.

A Windows 2003 Server w/ AD installed no longer contains a local security authority.  AD is that machines authority.  Member servers and workstations are the only ones you can login to locally.  In order to login to a AD machine you must possess credentials in the AD Domain.  The security of the domain being a key factor here because control of the domain controller should only be controlled by the domain itself.  If that makes any sense.
0
 

Author Comment

by:Paul Montgomery
ID: 11964748
What would happen if for example the nic went down on that machine and you needed to have access?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 11964768
You would "log in" to the domain with cached credentials, since no domain controller could be contacted...
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 4

Expert Comment

by:ehammersley
ID: 11964785
Wait... I understood your question to be that you wanted to login locally to a server that has AD installed.  In other words it's a domain controller, for lack of a better term.

If that is correct then it will authenicate the login against its own copy of the AD and doesn't need the network.
0
 

Author Comment

by:Paul Montgomery
ID: 11964818
If I try to do this it tells me "No domain controller could be found"
0
 

Author Comment

by:Paul Montgomery
ID: 11964874
ehammersley - yes that is correct
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 11965055
Try pulling out the network cable and logging in again...
0
 

Author Comment

by:Paul Montgomery
ID: 11965669
sirbounty - no go. The connection problem I can troubleshoot. My big problem is how to access the machine when it's telling me "No domain controller can be found" and there's no other choices for a login.
0
 
LVL 67

Assisted Solution

by:sirbounty
sirbounty earned 250 total points
ID: 11967744
Can you ping it remotely?
Can you boot up into safe mode?
Try connecting to the IPC$ share
From a remote system:
NET USE \\Server\IPC$ /user:DOMAIN\DOMAINADMIN PASSWORD
0
 

Author Comment

by:Paul Montgomery
ID: 11968179
So your basically telling me there's no way to get into my system locally if there's no network connection?
0
 
LVL 6

Expert Comment

by:Casca1
ID: 11970073
DSRestore mode. The equivalent of AD safemode. You can either get command prompt or GUI.
I think this is what you're asking for...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 11972798
Can you remove the network cable and reboot it remotely?

Shutdown \\myserver

(or get psshutdown from sysinternals.com)
If it doesn't 'see' a network, you should have the option to log on with cached credentials...
0
 

Expert Comment

by:fluidsmgmt
ID: 11973367
It sounds like to me your trying to log onto the server as a user that is not a domain admin.

You MUST use the domain Administrator account to log onto a DC, or at least a user that is in the domain admin group.

Non domain admins can not "Log on locally" to a domain controller.

What account are you using to log on?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 11973405
To add to that - server operator group members may also log in locally.
But honestly, I don't think you would recieve the "no domain controller" error  - you'd get the "user does not have the log on locally permission" error...
0
 

Expert Comment

by:fluidsmgmt
ID: 11973430
When you installed Active Directory, you should have been asked what you want the administrator password to be.

Login as administrator with that password.
0
 

Expert Comment

by:fluidsmgmt
ID: 11973491
SirBounty is correct.. but it doesn't sound like ANYTHING has been done in AD Users and Groups.  Logged in as normal local account - install AD, then reboot.

I agree the no domain controller error is interesting.

Makes me think that DNS was not also installed on the same box, and during AD install, you said don't install DNS.
0
 
LVL 6

Expert Comment

by:Casca1
ID: 11978444
Ya know, the DNS sounds right. What kind of DNS servers you using?
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question