Solved

Account Administrator is disable. Help

Posted on 2006-07-02
24
625 Views
Last Modified: 2012-08-14
Hi.

i was playing arround with my server 2003 and i disabled Administrator account. i can not login now. i don't have another domain.

What can i do?.

please help.

0
Comment
Question by:Almatrodi
  • 12
  • 6
  • 2
  • +3
24 Comments
 
LVL 6

Assisted Solution

by:davy999
davy999 earned 150 total points
ID: 17027274
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17027572

i did not forget it. i disabled it. do you think it will work?.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17028025
how in the world did you manage to do that!!!

you have no other accounts that you can log on with?
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 17028696
The program  davy999 pointed you to will enable the account as well
0
 
LVL 5

Expert Comment

by:NAORC
ID: 17030318
If you have any other accounts that have administrator rights, you can log in under that account and re-enable administrator..

i'm probably pointing out the obvious and it was more than likely the first thing you tried, but who knows.
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17041138

Still can not make Administrator work.

NAORC i don't have it.
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17041268

it gives me a msg "this acount is disabled......"
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 17041987
ntpasswd enabled the account, you may have downloaded a different program
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17095334

Did not work. maybe my hard disks are Dynamic disks?.

0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17126783

Hello...

no answers!.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17126789
no ideas!
0
 
LVL 83

Expert Comment

by:oBdA
ID: 17132908
Follow the description in davy999's link (http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm) to the letter, but replace the net.exe parameters with the command to enable the account again (and ignore the part about the resetting the password):

name: AppParameters
type: REG_SZ (string)
value: /k net user administrator /active:yes /domain
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 1

Author Comment

by:Almatrodi
ID: 17133223

oBdA..

i did as u typed. still getting "Your account has been disabled. Please see your system administrator".

please... HELLLLLP.

0
 
LVL 83

Expert Comment

by:oBdA
ID: 17140966
I'll need to test this, but I won't get around to it before the weekend, sorry.
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17142313

i'll wait.

0
 
LVL 83

Expert Comment

by:oBdA
ID: 17160268
Works flawlessly here, so you must have missed something.
As for troubleshooting: when you try to start the PassRecovery service while still in Active Directory Restore Mode, a command window should come up, and you should see an error message (1355, domain couldn't be contacted). The service should now be in the running state. When you stop the service, the command window should close again.
Make sure that you do *NOT* use the "AppParameters" string from the link ("/k net user administrator 123456 /domain")!
Instead, the "AppParameters" string should be (assuming that the domain admin account is still Administrator; if you have renamed it, you obviously need to rename it in the command as well) "/k net user administrator /active:yes /domain" (without the quotes).
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17161662

oBdA..
thanks for help. this what i've done, and when i try to log on i got a message telling me that the account "Administrtor" is disabled.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 17162736
Did you try the troubleshooting I suggested above? What were the results?
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17162917

Yes. i did that.
even i thought that "/domain" must be change to my existed one. but, i figure it is wrong.

any ideas...
0
 
LVL 83

Expert Comment

by:oBdA
ID: 17162926
The only thing to adjust in the command is the administrator's name, and that only if you changed it from the default.
Again: What exactly are the results when you run the troubleshooting I described above while in AD restore mode? Sorry, but I can't help if all I get in response is "it doesn't work".
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17162954

Sorry. and thanks for ur support.
it is:
------------
The request will be processed at a domain controller for domain WORKGROUP.
System error 1455 has occurred.
The specified domain either does not exitst or could not be contacted.
------------

btw, my domain is not WORKGOUP!.
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17162991

Sorry error number is 1355 not 1455
0
 
LVL 83

Accepted Solution

by:
oBdA earned 350 total points
ID: 17163718
That's okay; when booting in DSRM, the AD isn't running (which is why you can't enable the domain admin account from there); it's like you're logging on locally to a stand-alone server that's not part of a domain.
Anyway, that is the expected output when run in DSRM; now make sure the startup type of the PassRecovery service is set to Automatic, and make sure the account name in the command is the same name as your domain admin account. When you reboot, the account should now be unlocked.
If it still isn't, boot in DSRM mode again.
The problem could be that this service is starting before your AD is running; how long does it take for your server to boot, until the logon message appears?
Copy sleep.exe (from the W2k3 Resource Kit Tools as well) into the temporary folder with the other tools.
Copy and paste (don't retype it; use a floppy or USB stick or Experts Exchange directly from the server) the script below into the tools folder, and name it UnlockAdmin.cmd. Make sure that the extensions aren't hidden, and the file isn't saved as UnlockAdmin.cmd.txt; when seen in Explorer, the symbol should display a little cogwheel in a white "window".
Set the "AppParameters" string for the PassRecovery service to "/k C:\Temp\UnlockAdmin.cmd" (without the quotes; adjust the C:\Temp path before UnlockAdmin.cmd to the one you're actually using).
The script below will create a new domain admin account named "UnlockAdmin", and the password Unl0ck@dmin (the o in "unlock" is a zero); this password has to obey the complexity rules. It will try to unlock the Administrator account as well.
Wait until the logon message appears; wait at least another 20 minutes (the "delay" time specified below is set to 900 seconds, and there's another delay in the script), then try to logon with your Administrator account. If it still doesn't work, try the UnlockAdmin account and the new password.
If it works, unlock the original Administrator account.
Rename the UnlockAdmin account, and change the password. Remove the service.
If you still can't logon, reboot in DSRM mode again, and copy and paste the *complete* log file in the tools folder (UnlockAdmin.log) here.

REM *** Adjust here if necessary:
set DomainAdmins=Domain Admins
set Delay=900
REM ***************************************
REM ***** No changes below this line! *****
REM ***************************************
set UnlockAdmin=UnlockAdmin
set UnlockPwd=Unl0ck@dmin
set LogFile=%~dp0UnlockAdmin.log
>>"%LogFile%" echo Service started: %Date% %Time%
ipconfig /all >>"%LogFile%"
net user /domain >>"%LogFile%" 2>&1
net group /domain >>"%LogFile%" 2>&1
net user administrator /domain >>"%LogFile%" 2>&1
>>"%LogFile%" echo Sleeping for %Delay% seconds ...
%~dp0sleep.exe %Delay%
>>"%LogFile%" echo Waking up again: %Date% %Time%
>>"%LogFile%" echo Creating new account [%UnlockAdmin%] with password [%UnlockPwd%]
net user "%UnlockAdmin%" %UnlockPwd% /add /active:yes /domain >>"%LogFile%" 2>&1
>>"%LogFile%" echo Sleeping for 30 seconds ...
%~dp0sleep.exe 30
>>"%LogFile%" echo Adding new account [%UnlockAdmin%] to admin group [%DomainAdmins%]
net group "%DomainAdmins%" "%UnlockAdmin%" /add /domain >>"%LogFile%" 2>&1
>>"%LogFile%" echo Administrator account [Administrator]
net user Administrator /active:yes /domain >>"%LogFile%" 2>&1
>>"%LogFile%" echo Done: %Date% %Time%
0
 
LVL 1

Author Comment

by:Almatrodi
ID: 17167924

works 100%.

Thaaaaaaaaaaaanks.

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now