[Last Call] Learn how to a build a cloud-first strategyRegister Now


Locke out of Active Directory

Posted on 2009-04-29
Medium Priority
Last Modified: 2012-05-06
I am runnning a windows 2003 server as a domain controller and my named domain admin account has become locked out. I am not guru with AD so need some help.

Not sure the name of the default AD domain admin account. I tried logging in with my domain admin account and is locked out which tells me its not the default account. The only access I can get is to the Directory Services Restore mode, and I cant open AD users and computers with that account.

Is there a way to unlock an account so I can access this DC, dont really want to reinstall anything as I have setup numberous policies that will have to be recreated, which leads me to part 2 of the equation.

If I cannot get back into the system, can I backup AD somehow and import that backup into a clean build?

Spent all day on this.
Question by:dwarner8
  • 2

Expert Comment

ID: 24263792
The default admin username is administrator (if your windows is in english)

Author Comment

ID: 24264015
Ah, the renamed account is xadministrator,however, whenever I login, it tells me to change the password but when I do, it says your account is locked out. I tried logging in as administrator and as xadministrator  and nothing works.

Accepted Solution

dwarner8 earned 0 total points
ID: 24408607
I solved it myself from another thread.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question