Not able to change the Domain\Administrator account in the Active directory.

bsharath
bsharath used Ask the Experts™
on
Hi,

Not able to change the Domain\Administrator account in the Active directory.
---------------------------
Active Directory
---------------------------
Windows cannot complete the password change for Administrator because:
The administrative limit for this request was exceeded.
---------------------------
OK  
---------------------------

I get the above error when i change

Regards
Sharath
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Awarded 2009
Top Expert 2010

Commented:
There is a post here over at Microsoft that explains how to resolve this issue: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/83087f21-ba51-414d-9202-badea56ba83b

I had it once and ended up deleting the user and re-creating it but it wasn't an administrator account, you may want to follow this procedure.

Author

Commented:
I did so but there is no options to solve it...

Author

Commented:
I get this error in the Event log but even here there is no solution
http://www.eventid.net/display.asp?eventid=12294&eventno=875&source=SAM&phase=1
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Awarded 2009
Top Expert 2010

Commented:
the first post on the link I provided explains how to find the attribute, once you have found it post back and we can investigate further.

Author

Commented:
Ok here is the data


Getting 1 entries:
>> Dn: CN=Administrator,CN=Users,DC=Development,DC=Build,DC=co,DC=uk
	4> objectClass: top; person; organizationalPerson; user; 
	1> cn: Administrator; 
	1> description: Administrators have complete and unrestricted access to the computer/domain; 
	1> distinguishedName: CN=Administrator,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; 
	1> instanceType: 0x4 = ( IT_WRITE ); 
	1> whenCreated: 11/22/2001 21:10:3 India Standard Time India Standard Time; 
	1> whenChanged: 10/24/2009 19:43:26 India Standard Time India Standard Time; 
	1> displayName: Administrator; 
	1> uSNCreated: 14326; 
	11> memberOf: CN=Sophos DB Admins,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; CN=Sophos DB Users,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; CN=Nas_Admin,OU=Security Groups,OU=IND,OU=Countries,DC=Development,DC=Build,DC=co,DC=uk; CN=EMLibrary Users,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; CN=Sophos Console Administrators,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; CN=SophosDomainAdministrator,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; CN=Exchange Services,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; CN=Domain Admins,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; CN=Administrators,CN=Builtin,DC=Development,DC=Build,DC=co,DC=uk; CN=Backup Operators,CN=Builtin,DC=Development,DC=Build,DC=co,DC=uk; CN=Exchange Domain Servers,CN=Users,DC=Development,DC=Build,DC=co,DC=uk; 
	1> deletedItemFlags: 0; 
	1> uSNChanged: 96334724; 
	1> company: Comp; 
	1> homeMTA: CN=Microsoft MTA,CN=Exchange1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Build,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Build,DC=co,DC=uk; 
	3> proxyAddresses: smtp:Administrator@Build.co.uk; X400:c=GB;a= ;p=Build;o=Exchange;s=Administrator;; SMTP:Administrator@Compplc.com; 
	1> homeMDB: CN=Common,CN=Second Storage Group,CN=InformationStore,CN=Exchange1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Build,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Build,DC=co,DC=uk; 
	1> mDBUseDefaults: FALSE; 
	1> mailNickname: Administrator; 
	1> name: Administrator; 
	1> objectGUID: 18e47634-a640-41ae-8a0e-dd85eb629ac9; 
	1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD ); 
	1> badPwdCount: 15; 
	1> codePage: 0; 
	1> countryCode: 0; 
	1> badPasswordTime: <ldp error <0x0>: cannot format time field; 
	1> lastLogoff: 0; 
	1> lastLogon: <ldp error <0x0>: cannot format time field; 
	1> logonHours: <ldp: Binary blob>; 
	1> pwdLastSet: <ldp error <0x0>: cannot format time field; 
	1> primaryGroupID: 513; 
	1> objectSid: S-1-5-21-1275210071-1979792683-1801674531-500; 
	1> adminCount: 1; 
	1> accountExpires: 0; 
	1> logonCount: 65535; 
	1> sAMAccountName: Administrator; 
	1> sAMAccountType: 805306368; 
	2> showInAddressBook: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=Build,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Build,DC=co,DC=uk; CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=Build,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Build,DC=co,DC=uk; 
	1> legacyExchangeDN: /o=Build/ou=First Administrative Group/cn=Recipients/cn=Administrator; 
	34> servicePrincipalName: MSSQLSvc/In-bkp-DLO.Development.Build.co.uk:1167; MSSQLSvc/t203.Development.Build.co.uk:1433; MSSQLSvc/inrv04.Development.Build.co.uk; MSSQLSvc/i04.Development.Build.co.uk:4611; MSSQLSvc/indbsrv04.Development.Build.co.uk:1373; MSSQLSvc/irv04.Development.Build.co.uk:1433; MSSQLSvc/in04.Development.Build.co.uk:1280; MSSQLSvc/inv04.Development.Build.co.uk:1335; MSSQLSvc/irv01.development.Build.co.uk:1280; MSSQLSvc/in1.development.Build.co.uk:1243; MSSQLSvc/in01.development.Build.co.uk:1433; MSSQLSvc/isrv03.development.Build.co.uk:1433; MSSQLSvc/indbsrv04.Development.Build.co.uk:1308; MSSQLSvc/inrv04.Development.Build.co.uk:1612; MSSQLSvc/cl02.Development.Build.co.uk:1433; MSSQLSvc/in04.Development.Build.co.uk:1155; MSSQLSvc/in04.Development.Build.co.uk:1168; MSSQLSvc/insrv04.Development.Build.co.uk:1159; MSSQLSvc/in-srv01.Development.Build.co.uk:1433; MSSQLSvc/INeV02.Development.Build.co.uk:1433; MSSQLSvc/maev01.Development.Build.co.uk:1433; MSSQLSvc/hydage.Development.Build.co.uk:1433; MSSQLSvc/inneye.Development.Build.co.uk:1433; MSSQLSvc/IN-B.Development.Build.co.uk:1232; MSSQLSvc/in-health-srv03.Development.Build.co.uk:1091; MSSQLSvc/inv03.Development.Build.co.uk:1078; MSSQLSvc/VMage.Development.Build.co.uk:1433; MSSQLSvc/in-srv03.Development.Build.co.uk:1076; MSSQLSvc/inrv01.Development.Build.co.uk:1433; MSSQLSvc/in02.Development.Build.co.uk:1433; MSSQLSvc/IME-SRV01.Development.Build.co.uk:1433; MSSQLSvc/let.Development.Build.co.uk:1433; MSSQLSvc/dev-ch87.Development.Build.co.uk:1433; MSSQLSvc/knlaptop.Development.Build.co.uk:1433; 
	1> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=Build,DC=co,DC=uk; 
	1> isCriticalSystemObject: TRUE; 
	1> mSMQSignCertificates: <ldp: Binary blob>; 
	777> mSMQDigests: <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; w	dblD),C; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; X$'q9F"sVf; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; >c8"&'v=g#.; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; bKT,AZiqO5
x"b; <ldp: Binary blob>; !.TB"K,|+5; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp: Binary blob>; <ldp...
	1> textEncodedORAddress: c=GB;a= ;p=Build;o=Exchange;s=Administrator;; 
	1> mail: Administrator@Compplc.com; 
	1> msExchPoliciesIncluded: {8AB4D02E-7F61-4982-BA88-88F4295170B3},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}; 
	1> msExchHomeServerName: /o=Build/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=Exchange1; 
	1> msExchALObjectVersion: 234; 
	1> msExchMailboxSecurityDescriptor: <ldp: Binary blob>; 
	1> msExchUserAccountControl: 0; 
	1> msExchMailboxGuid: 2e20a6ea-42f9-42b2-9535-87c3bc8951ae; 
-----------

Open in new window

Awarded 2009
Top Expert 2010
Commented:
This value: 777> mSMQDigests: states this attribute has 777 entries, I would suggest this is causing your problem.

Export the administrator account attributes by running the following command:

ldifde -m -f c:\administrator.ldf -d "CN=Administrator,CN=Users,DC=Development,DC=Build,DC=co,DC=uk"

you can then right click on the administrator account in LDP select modify.
In the attribute field enter mSMQDigests then select delete and click enter then click the run command.

This will delete this attribute.

Then try resetting the password.

Author

Commented:
There is one file created in C drive
administrator.ldf
Now how can i open it?
Awarded 2009
Top Expert 2010

Commented:
you can open it in notepad, this is just an export of the attribute you are deleting but open it to check it actually has some data in it.

Author

Commented:
Sorry for the delay...I dont know why i am using the correct credentials in LDP but it does not get me in
Awarded 2009
Top Expert 2010

Commented:
You don't need to enter any credentials as long as you are logged in as a user that has the correct permissions just follow the instructions in the link I provided then my previous post to modify the attribute.
Awarded 2009
Top Expert 2010

Commented:
Your other option is to just disable the administrator account and create a new user .

Or if you know when this started happening perform a Directory Services Restore?

Author

Commented:
Thank U ...demazter..You are a real GENIUS...

I went the whole net to find this and failed but you got me this done...
thank U
Awarded 2009
Top Expert 2010

Commented:
Glad to be of assistance.
Just remember to close the other questions as well

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial