Account Administrator is disable. Help

Hi.

i was playing arround with my server 2003 and i disabled Administrator account. i can not login now. i don't have another domain.

What can i do?.

please help.

LVL 1
Abdurahman AlmatrodiBusiness DevelopmentAsked:
Who is Participating?
 
oBdACommented:
That's okay; when booting in DSRM, the AD isn't running (which is why you can't enable the domain admin account from there); it's like you're logging on locally to a stand-alone server that's not part of a domain.
Anyway, that is the expected output when run in DSRM; now make sure the startup type of the PassRecovery service is set to Automatic, and make sure the account name in the command is the same name as your domain admin account. When you reboot, the account should now be unlocked.
If it still isn't, boot in DSRM mode again.
The problem could be that this service is starting before your AD is running; how long does it take for your server to boot, until the logon message appears?
Copy sleep.exe (from the W2k3 Resource Kit Tools as well) into the temporary folder with the other tools.
Copy and paste (don't retype it; use a floppy or USB stick or Experts Exchange directly from the server) the script below into the tools folder, and name it UnlockAdmin.cmd. Make sure that the extensions aren't hidden, and the file isn't saved as UnlockAdmin.cmd.txt; when seen in Explorer, the symbol should display a little cogwheel in a white "window".
Set the "AppParameters" string for the PassRecovery service to "/k C:\Temp\UnlockAdmin.cmd" (without the quotes; adjust the C:\Temp path before UnlockAdmin.cmd to the one you're actually using).
The script below will create a new domain admin account named "UnlockAdmin", and the password Unl0ck@dmin (the o in "unlock" is a zero); this password has to obey the complexity rules. It will try to unlock the Administrator account as well.
Wait until the logon message appears; wait at least another 20 minutes (the "delay" time specified below is set to 900 seconds, and there's another delay in the script), then try to logon with your Administrator account. If it still doesn't work, try the UnlockAdmin account and the new password.
If it works, unlock the original Administrator account.
Rename the UnlockAdmin account, and change the password. Remove the service.
If you still can't logon, reboot in DSRM mode again, and copy and paste the *complete* log file in the tools folder (UnlockAdmin.log) here.

REM *** Adjust here if necessary:
set DomainAdmins=Domain Admins
set Delay=900
REM ***************************************
REM ***** No changes below this line! *****
REM ***************************************
set UnlockAdmin=UnlockAdmin
set UnlockPwd=Unl0ck@dmin
set LogFile=%~dp0UnlockAdmin.log
>>"%LogFile%" echo Service started: %Date% %Time%
ipconfig /all >>"%LogFile%"
net user /domain >>"%LogFile%" 2>&1
net group /domain >>"%LogFile%" 2>&1
net user administrator /domain >>"%LogFile%" 2>&1
>>"%LogFile%" echo Sleeping for %Delay% seconds ...
%~dp0sleep.exe %Delay%
>>"%LogFile%" echo Waking up again: %Date% %Time%
>>"%LogFile%" echo Creating new account [%UnlockAdmin%] with password [%UnlockPwd%]
net user "%UnlockAdmin%" %UnlockPwd% /add /active:yes /domain >>"%LogFile%" 2>&1
>>"%LogFile%" echo Sleeping for 30 seconds ...
%~dp0sleep.exe 30
>>"%LogFile%" echo Adding new account [%UnlockAdmin%] to admin group [%DomainAdmins%]
net group "%DomainAdmins%" "%UnlockAdmin%" /add /domain >>"%LogFile%" 2>&1
>>"%LogFile%" echo Administrator account [Administrator]
net user Administrator /active:yes /domain >>"%LogFile%" 2>&1
>>"%LogFile%" echo Done: %Date% %Time%
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

i did not forget it. i disabled it. do you think it will work?.

0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
Jay_Jay70Commented:
how in the world did you manage to do that!!!

you have no other accounts that you can log on with?
0
 
wingateslCommented:
The program  davy999 pointed you to will enable the account as well
0
 
NAORCCommented:
If you have any other accounts that have administrator rights, you can log in under that account and re-enable administrator..

i'm probably pointing out the obvious and it was more than likely the first thing you tried, but who knows.
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

Still can not make Administrator work.

NAORC i don't have it.
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

it gives me a msg "this acount is disabled......"
0
 
wingateslCommented:
ntpasswd enabled the account, you may have downloaded a different program
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

Did not work. maybe my hard disks are Dynamic disks?.

0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

Hello...

no answers!.

0
 
Jay_Jay70Commented:
no ideas!
0
 
oBdACommented:
Follow the description in davy999's link (http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm) to the letter, but replace the net.exe parameters with the command to enable the account again (and ignore the part about the resetting the password):

name: AppParameters
type: REG_SZ (string)
value: /k net user administrator /active:yes /domain
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

oBdA..

i did as u typed. still getting "Your account has been disabled. Please see your system administrator".

please... HELLLLLP.

0
 
oBdACommented:
I'll need to test this, but I won't get around to it before the weekend, sorry.
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

i'll wait.

0
 
oBdACommented:
Works flawlessly here, so you must have missed something.
As for troubleshooting: when you try to start the PassRecovery service while still in Active Directory Restore Mode, a command window should come up, and you should see an error message (1355, domain couldn't be contacted). The service should now be in the running state. When you stop the service, the command window should close again.
Make sure that you do *NOT* use the "AppParameters" string from the link ("/k net user administrator 123456 /domain")!
Instead, the "AppParameters" string should be (assuming that the domain admin account is still Administrator; if you have renamed it, you obviously need to rename it in the command as well) "/k net user administrator /active:yes /domain" (without the quotes).
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

oBdA..
thanks for help. this what i've done, and when i try to log on i got a message telling me that the account "Administrtor" is disabled.
0
 
oBdACommented:
Did you try the troubleshooting I suggested above? What were the results?
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

Yes. i did that.
even i thought that "/domain" must be change to my existed one. but, i figure it is wrong.

any ideas...
0
 
oBdACommented:
The only thing to adjust in the command is the administrator's name, and that only if you changed it from the default.
Again: What exactly are the results when you run the troubleshooting I described above while in AD restore mode? Sorry, but I can't help if all I get in response is "it doesn't work".
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

Sorry. and thanks for ur support.
it is:
------------
The request will be processed at a domain controller for domain WORKGROUP.
System error 1455 has occurred.
The specified domain either does not exitst or could not be contacted.
------------

btw, my domain is not WORKGOUP!.
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

Sorry error number is 1355 not 1455
0
 
Abdurahman AlmatrodiBusiness DevelopmentAuthor Commented:

works 100%.

Thaaaaaaaaaaaanks.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.