Locked out of Active Directory

Hello,

I locked myself out of Active Directory. The default administrator account was already disabled during the installation (standard procedure in SBS 2008) and the special administrative account was accidentally deleted from Exchange (deleted the mailbox not knowing that this also deletes the AD account)

Is there any way to restore this account? I have no other administrative accounts in this AD and I would like to know if there are ways of restoring this fault without needing to do a full restore from a back-up

Thanks in advance
SupracomAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

vmwarun - ArunCommented:
If you remember the disabled Administrator account's password then you can try this
How do I re-enable the Administrator's account in Windows SBS 2008?
http://social.technet.microsoft.com/Forums/en-US/winservermanager/thread/9bfa81f2-e56d-435d-9350-a2f054248f42 
0
SupracomAuthor Commented:
Hello,

That's just my problem, I cannot log in to this server anymore with an account with administrative rights. I assume that I cannot enable a domain administrator account from a local admin account from safe mode...
0
vmwarun - ArunCommented:
Login as a normal user account into the Domain and try using the RunAs Command to increase the privilege to that of an Administrator (disabled account).
If I remember correctly, the RunAs Command only checks the credentials and not the status of the account (enabled or disabled) for elevating the privileges.
More RunAs Command options
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true
Another alternative would be to boot into Directory Services Restore Mode and type the disabled Administrator account 's password to get in.

CAUTION : Do this only after office hours or schedule a downtime .
 
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

SupracomAuthor Commented:
lol, I had a copy of this virtual machine from yesterday. I just copied the NTDS folder which contains the AD en moved it to this machine. Simple but effective because everything works now!

Regards

Matthijs
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vmwarun - ArunCommented:
You might have lost your recent User Creations and other such configuration.
Never use VMware Snapshots or VMware Backups of Active Directory since this tends to revert the status of Active Directory NTDS.dit file thereby resulting in loss of information.
0
SupracomAuthor Commented:
I agree. Only in this case we are sure that nothing has changed in AD since the error started.
0
vmwarun - ArunCommented:
If you are sure, then fine :)
0
eridzoneCommented:
Did you try 3rd party bootable CD's for reseting or enabling DSRM password ?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.