• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 466
  • Last Modified:

Locked out of Active Directory

Hello,

I locked myself out of Active Directory. The default administrator account was already disabled during the installation (standard procedure in SBS 2008) and the special administrative account was accidentally deleted from Exchange (deleted the mailbox not knowing that this also deletes the AD account)

Is there any way to restore this account? I have no other administrative accounts in this AD and I would like to know if there are ways of restoring this fault without needing to do a full restore from a back-up

Thanks in advance
0
Supracom
Asked:
Supracom
  • 4
  • 3
1 Solution
 
vmwarun - ArunCommented:
If you remember the disabled Administrator account's password then you can try this
How do I re-enable the Administrator's account in Windows SBS 2008?
http://social.technet.microsoft.com/Forums/en-US/winservermanager/thread/9bfa81f2-e56d-435d-9350-a2f054248f42 
0
 
SupracomAuthor Commented:
Hello,

That's just my problem, I cannot log in to this server anymore with an account with administrative rights. I assume that I cannot enable a domain administrator account from a local admin account from safe mode...
0
 
vmwarun - ArunCommented:
Login as a normal user account into the Domain and try using the RunAs Command to increase the privilege to that of an Administrator (disabled account).
If I remember correctly, the RunAs Command only checks the credentials and not the status of the account (enabled or disabled) for elevating the privileges.
More RunAs Command options
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true
Another alternative would be to boot into Directory Services Restore Mode and type the disabled Administrator account 's password to get in.

CAUTION : Do this only after office hours or schedule a downtime .
 
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
SupracomAuthor Commented:
lol, I had a copy of this virtual machine from yesterday. I just copied the NTDS folder which contains the AD en moved it to this machine. Simple but effective because everything works now!

Regards

Matthijs
0
 
vmwarun - ArunCommented:
You might have lost your recent User Creations and other such configuration.
Never use VMware Snapshots or VMware Backups of Active Directory since this tends to revert the status of Active Directory NTDS.dit file thereby resulting in loss of information.
0
 
SupracomAuthor Commented:
I agree. Only in this case we are sure that nothing has changed in AD since the error started.
0
 
vmwarun - ArunCommented:
If you are sure, then fine :)
0
 
eridzoneCommented:
Did you try 3rd party bootable CD's for reseting or enabling DSRM password ?
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now