Locked out of Active Directory
Hello,
I locked myself out of Active Directory. The default administrator account was already disabled during the installation (standard procedure in SBS 2008) and the special administrative account was accidentally deleted from Exchange (deleted the mailbox not knowing that this also deletes the AD account)
Is there any way to restore this account? I have no other administrative accounts in this AD and I would like to know if there are ways of restoring this fault without needing to do a full restore from a back-up
Thanks in advance
I locked myself out of Active Directory. The default administrator account was already disabled during the installation (standard procedure in SBS 2008) and the special administrative account was accidentally deleted from Exchange (deleted the mailbox not knowing that this also deletes the AD account)
Is there any way to restore this account? I have no other administrative accounts in this AD and I would like to know if there are ways of restoring this fault without needing to do a full restore from a back-up
Thanks in advance
ASKER
Hello,
That's just my problem, I cannot log in to this server anymore with an account with administrative rights. I assume that I cannot enable a domain administrator account from a local admin account from safe mode...
That's just my problem, I cannot log in to this server anymore with an account with administrative rights. I assume that I cannot enable a domain administrator account from a local admin account from safe mode...
Login as a normal user account into the Domain and try using the RunAs Command to increase the privilege to that of an Administrator (disabled account).
If I remember correctly, the RunAs Command only checks the credentials and not the status of the account (enabled or disabled) for elevating the privileges.
More RunAs Command options
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true
Another alternative would be to boot into Directory Services Restore Mode and type the disabled Administrator account 's password to get in.
CAUTION : Do this only after office hours or schedule a downtime .
If I remember correctly, the RunAs Command only checks the credentials and not the status of the account (enabled or disabled) for elevating the privileges.
More RunAs Command options
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true
Another alternative would be to boot into Directory Services Restore Mode and type the disabled Administrator account 's password to get in.
CAUTION : Do this only after office hours or schedule a downtime .
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You might have lost your recent User Creations and other such configuration.
Never use VMware Snapshots or VMware Backups of Active Directory since this tends to revert the status of Active Directory NTDS.dit file thereby resulting in loss of information.
Never use VMware Snapshots or VMware Backups of Active Directory since this tends to revert the status of Active Directory NTDS.dit file thereby resulting in loss of information.
ASKER
I agree. Only in this case we are sure that nothing has changed in AD since the error started.
If you are sure, then fine :)
Did you try 3rd party bootable CD's for reseting or enabling DSRM password ?
How do I re-enable the Administrator's account in Windows SBS 2008?
http://social.technet.microsoft.com/Forums/en-US/winservermanager/thread/9bfa81f2-e56d-435d-9350-a2f054248f42