Logging into server that is no longer a domain member....

Posted on 2010-01-03
Last Modified: 2012-05-08
So, in my infinite wisdom, I took down my DC today, intentionally.  Little did I realize that the local domain accounts had been disabled on (most) all of the servers.  So now, the PCs no longer have connectivity to the domain, I can't get into safe-mode without it rebooting within about 10 seconds of doing so, and the local admin passwords that I know to be correct are not working.

Am I boned?
Question by:tbaze
9 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26167220
If it's still a DC that hasn't been demoted, you can boot into "Directory Service Restore Mode" and try to re-enable the computer account.
0
 

Author Comment

by:tbaze
ID: 26167225
It's not a DC and there are no remaining "original" DCs in that domain.  I recreated the domain altogether with a new DC, hence the "the trust relationship between this workstation and the primary domain failed." I suppose.
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 1000 total points
ID: 26167278
In that case, you need to restore the system state of the old DC. If you can't do that, the domain is toasted.
Re-creating the domain will give it a new domain-SID different from the original domain (doesn't matter if it's the same name) and the computers need to be rejoined to the domain and the users need to be recreated.
0
 
LVL 2

Assisted Solution

by:kortina
kortina earned 1000 total points
ID: 26167280
You will need to rejoin all of the workstations to the new domain.

To do this you will need an account with administrator rights on EACH of the workstations; your old domain admin account will not work as your DC is no longer available.

You *MAY* be able to log on using a domain account that has previously logged on to the workstation; this is called using cached credentials.

Because you have physical access to the workstations, you could also try some 3rd party tools that will 'reset' the local administrator's password. I remember using one of these a few years ago on an XP workstation.
0
 

Assisted Solution

by:tbaze
tbaze earned 0 total points
ID: 26167552
I figured this out - using the cached admin credentials I had on each box (fortunately), as long as I disconnected from the network, I could use them to get in.  Doing this, I left the domains, used the local admin accounts upon new logon and subsequently added the machines back to the domain.  Now if only I could remedy this nagging GPO issue.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26170471
As both http:#26167278 and http:#26167280 posted that you need to rejoin the computers to the new domain, it had been fair to award points through a split (use 'accept multiple solutions' in the 'Expert comments') instead of accepting your own comment as figured it out on your own.
You can have your comment as primary answer and the other 'Expert comments' as assist in the solution by using 'accept and award points' link in your comment.
0
 

Author Comment

by:tbaze
ID: 26170841
I never booted into DSR mode nor was there a DC that hadn't been demoted.  The DCs had been demoted.  I also did not have to restore the system state of the old device.  I'm not sure how any of this helped me arrive at my solution but ok.
0
 

Author Comment

by:tbaze
ID: 26170848
Oh and I knew I had to get them onto the new domain the whole time, it was the logging in that was problematic, that I ultimately did with my old domain admin accounts that had been cached - they would only go through while disconnected.  No other accounts would work.
0
 

Author Closing Comment

by:tbaze
ID: 31672192
None of these steps were actually needed in the solution for my problem nor did they lead me to my solution.  My intent of logging back into the machines the entire time was to rejoin them to the domain, it was the getting back into in the first place that was problematic.  Unfortunately, a mod thinks I need to split this amongst users so that's what I'm doing.
0
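The lockout in this thread came from two conditions on each member machine: no enabled local administrator, and access that depended entirely on cached domain credentials. The following is an added example, not posted by anyone in the thread: a readiness check for Windows PowerShell 5.1, run elevated on a domain member before a DC is retired. The function name and output property names are illustrative.

```powershell
# Added example: report whether this machine stays manageable if the domain disappears.
function Get-OfflineAccessReadiness {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # The built-in Administrator keeps a SID ending in -500 even when renamed.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

    # Enabled local (non-domain) user accounts in the Administrators group (S-1-5-32-544).
    $localAdmins = @(
        Get-LocalGroupMember -SID 'S-1-5-32-544' |
            Where-Object { $_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User' } |
            ForEach-Object { Get-LocalUser -SID $_.SID } |
            Where-Object { $_.Enabled }
    )

    # Number of domain logons cached for offline use; '0' means caching is disabled.
    # If the value is absent, Windows applies its default.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $cached = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).CachedLogonsCount

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        Domain               = $cs.Domain
        PartOfDomain         = $cs.PartOfDomain
        # Only meaningful on a domain member; $false indicates a broken trust relationship.
        SecureChannelHealthy = if ($cs.PartOfDomain) { Test-ComputerSecureChannel } else { $null }
        BuiltinAdminEnabled  = [bool]$builtin.Enabled
        EnabledLocalAdmins   = $localAdmins.Name -join ', '
        CachedLogonsCount    = $cached
        # True only when an enabled local administrator exists, so recovery does not
        # hinge on a cached domain logon that works only while off the network.
        SafeWithoutDomain    = ($localAdmins.Count -gt 0)
    }
}

Get-OfflineAccessReadiness | Format-List
```

A machine that reports `SafeWithoutDomain : False` needs a known, enabled local administrator account before the last DC of its domain goes offline.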
