I faced a big problem within one of my clients.
They have Windows 2008 Server as Domain server installed inside VMware ESX, and some hackers attacked it. They managed to break into 2nd server, which was not part of AD and installed lots of garbage on it, but this was solved.
The main problem is that hackers did "something" to ALL Admin accounts on main DC (Windows 2008 Server) - I cannot login onto it with ANY of admin accounts, neither with local Administrator.
Maybe they were trying so many times, that accounts got locked out, and since none of services run as Administrator, this DC is practically functioning 100%, except I cannot login as Admin.
Now, the problem is that I need to restore Admin account, reset its password, or unlock it, but have no idea, how to do it, since all googled methods were not sucessfull:
First I tried with Directory Services Restore Mode, pressed F8 upon system start, but only "Safe Mode" and "Normal Start" is available in this menu. Am I doing something wrong, or is this option removed from Server 2008?