How recover lost administrator password for DC
Hello experts!!
I'm unable to login in the DC - windows server 2003 enterprise edition... using my admin password
I have tried:
* Restarting the DC in Directory Service Restore Mode but still I'm not able to go further..
* tried login with other possible accounts
* I have already tried the Petri option... http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
and nothing...
Would someone help me find out a tool I can run in order to recover the password?
I'll really appreciate your help!
I'm unable to login in the DC - windows server 2003 enterprise edition... using my admin password
I have tried:
* Restarting the DC in Directory Service Restore Mode but still I'm not able to go further..
* tried login with other possible accounts
* I have already tried the Petri option... http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
and nothing...
Would someone help me find out a tool I can run in order to recover the password?
I'll really appreciate your help!
Bryon H
if you have any other domain administrator account - you could log in as them and just reset the password for 'administrator', any chance on that?
ASKER
nope, I just have one DC.. :(
right but do you have another USER that has domain admin rights? such as joe.tech or some internal username what would have access to this? if you do, you could just log in as them, then open active directory, reset the administrator password
ASKER
bryon44035v3:
I have 2 users and it doesn't let me access :(
ssparks827
what does this software do?.. it just says emergency boot...
I have 2 users and it doesn't let me access :(
ssparks827
what does this software do?.. it just says emergency boot...
I'm sorry was thinking this was for logging in local password.
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
did you do the step by step on the other page?
Do you have another user with domain admin rights?
I hate to have you have to pay for something but this might work for you
http://www.lostpassword.com/windows.htm
if you don't have another user to get in and change the admin password.
I used lostpassword for domain stuff along time ago when it was free and it worked.
there are serveral types of these software out there...download the trial and see if it will list the users...if it does then you will be able to reset the password to blank.
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
did you do the step by step on the other page?
Do you have another user with domain admin rights?
I hate to have you have to pay for something but this might work for you
http://www.lostpassword.com/windows.htm
if you don't have another user to get in and change the admin password.
I used lostpassword for domain stuff along time ago when it was free and it worked.
there are serveral types of these software out there...download the trial and see if it will list the users...if it does then you will be able to reset the password to blank.
are you talking about the domain administrator or the local administrator of the server? If local administrator, try this:
http://www.pogostick.net/~pnh/ntpasswd/bootdisk.html
I've used this multiple times and it works without fail. Word of advice: Set password to Null. Don't try to change it. Doesn't work right.
This utility won't reset the password of an AD account.
http://www.pogostick.net/~pnh/ntpasswd/bootdisk.html
I've used this multiple times and it works without fail. Word of advice: Set password to Null. Don't try to change it. Doesn't work right.
This utility won't reset the password of an AD account.
hey do you have any workstations with the cached/remembered administrator password??
even if it's for a network share, email, etc... anything that accessed the server from the network as administrator?
even if it's for a network share, email, etc... anything that accessed the server from the network as administrator?
As you're able to access the DC and reboot it into DSRM, you can try to use the method to set the logon screen's screen save to cmd and reboot back into normal mode. After a delay, it will give you a command prompt with system access and able to start dsa.msc or use dsquery,dsmod command line tools to reset the domain's administrator password.
Remember to restore the registry changes when done to not have a wide open door for anyone visiting the console.
http://www.petri.co.il/reset_domain_admin_password_in_windows_2000_ad.htm
Remember to restore the registry changes when done to not have a wide open door for anyone visiting the console.
http://www.petri.co.il/reset_domain_admin_password_in_windows_2000_ad.htm
I missed that the method I posted will not work if DC is Win2003.
I should had tested before posting to confirm it, but the method turned out to only give readonly access in Win2003 as the tools is launched as local service account with lack of permissions.
You say you have tested the 2003-method described in the 2003-version of the petri-article. To troubleshoot, what happens if you tail the command launched with "> c:\temp\netuser-output.txt
AppParameters: /k net user administrator 123456 /domain > c:\temp\netuser-output.txt
I should had tested before posting to confirm it, but the method turned out to only give readonly access in Win2003 as the tools is launched as local service account with lack of permissions.
You say you have tested the 2003-method described in the 2003-version of the petri-article. To troubleshoot, what happens if you tail the command launched with "> c:\temp\netuser-output.txt
AppParameters: /k net user administrator 123456 /domain > c:\temp\netuser-output.txt
@ARPI
I'm a little concerned at some of the details here.
Firstly, did you or anyone else change the password causing you to not be able to log on?
have you restored anything from backup recently that could have caused it to revert to an old password?
Have you simply forgotten the password?
Secondly, you advise you have already tried the method in the petri.co.il which normally works fine. Either you didnt follow it correctly or there is an underlying problem with the server.
Did you get any errors or problems while trying the method thhere or did it appear to work ok?
Do you have any accounts on the network that may have acess to the server remotely (even checking the event logs would do)
Can you log onto valid domaain accounts on the network generally or is evveryone locked out?
can you log on with your admin account on a PC instead of the server?
I'm a little concerned at some of the details here.
Firstly, did you or anyone else change the password causing you to not be able to log on?
have you restored anything from backup recently that could have caused it to revert to an old password?
Have you simply forgotten the password?
Secondly, you advise you have already tried the method in the petri.co.il which normally works fine. Either you didnt follow it correctly or there is an underlying problem with the server.
Did you get any errors or problems while trying the method thhere or did it appear to work ok?
Do you have any accounts on the network that may have acess to the server remotely (even checking the event logs would do)
Can you log onto valid domaain accounts on the network generally or is evveryone locked out?
can you log on with your admin account on a PC instead of the server?
ASKER
totallytonto:
Nobody changed the password, and I'm not able to use my local admin password either.
we didn't cahnge anything on the servers, what only happened the about 3 days before the server was shut down...and we had to physically turn on..I'm assuming that it did make few windows updates..but 2 days later (the shut down) this started happening...
I did not get any errors when thse server boots up...I just got only the error of the login.
I have tried another one but also it doesn't let me get it...I'm able to login locally to other servers but not to the DC.
I'm able to access the PC with the admin password (network) but it doesn't give me access to any of the network...
Nobody changed the password, and I'm not able to use my local admin password either.
we didn't cahnge anything on the servers, what only happened the about 3 days before the server was shut down...and we had to physically turn on..I'm assuming that it did make few windows updates..but 2 days later (the shut down) this started happening...
I did not get any errors when thse server boots up...I just got only the error of the login.
I have tried another one but also it doesn't let me get it...I'm able to login locally to other servers but not to the DC.
I'm able to access the PC with the admin password (network) but it doesn't give me access to any of the network...
>> I did not get any errors when thse server boots up...I just got only the error of the login.
What error do you get when trying to logon to DC's console? Incorrect password or something else?
>> I'm able to access the PC with the admin password (network) but it doesn't give me access to any of the network...
So, you can logon with the domain admin's user/password on another machine?
As you had tried to use srvany in original question, did you try to get the output from srvany into a textfile by changing AppParameters as suggested in http:#33436428?
What error do you get when trying to logon to DC's console? Incorrect password or something else?
>> I'm able to access the PC with the admin password (network) but it doesn't give me access to any of the network...
So, you can logon with the domain admin's user/password on another machine?
As you had tried to use srvany in original question, did you try to get the output from srvany into a textfile by changing AppParameters as suggested in http:#33436428?
ASKER
@ARPI,
Thanks, I think we're getting to the details on this now. It doesn't matter how many utils you use to reset the password as it doesn't appear the password is 'wrong' as such. I suspect the server itself is having a problem.
Could you log onto a PC with the admin password again and check the event logs on the PC for any errors/warnings. i suspect there may be some issues contacting the DC.
Also, if you can use the petri guide to get logged onto the server in AD restore mode, you should be able to get access to the event viewer on the server to check that too.
Thanks, I think we're getting to the details on this now. It doesn't matter how many utils you use to reset the password as it doesn't appear the password is 'wrong' as such. I suspect the server itself is having a problem.
Could you log onto a PC with the admin password again and check the event logs on the PC for any errors/warnings. i suspect there may be some issues contacting the DC.
Also, if you can use the petri guide to get logged onto the server in AD restore mode, you should be able to get access to the event viewer on the server to check that too.
ASKER
totallytonto,
I'm not able to access AD in restore mode...still asks for my admin local or domain password...
I'm not able to access AD in restore mode...still asks for my admin local or domain password...
"* I have already tried the Petri option... http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
and nothing..."
so, by 'nothing' you meant you didnt know that password either?
did you check the event logs of the PC?
and nothing..."
so, by 'nothing' you meant you didnt know that password either?
did you check the event logs of the PC?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
totallytonto,
I do have the local and domain passwords but none works when I login in DC...
I have checked in one of the workstations and I got the errors:
Under SECURITY----->
event ID: 680
Logon attempt by: MICROSOFT_AUTHENTICATION_P
Logon account: xxxx
Source Workstation: 210L_001
Error Code: 0xC0000064
Other error I get also:
event ID:12
Audit Policy Change:
New Policy:
Success Failure
- - Logon/Logoff
- - Object Access
- - Privilege Use
- - Account Management
- - Policy Change
- - System
- - Detailed Tracking
- - Directory Service Access
- - Account Logon
Changed By:
User Name: MY_WORKSTATION_NAME$
Domain Name: WORKGROUP
Logon ID: (0x0,0x3E7)
For more information, see Help and Support Center at ....
under Applications Event --->
Event ID:1030
Windows cannot bind to MYDOMAINNAME (Invalid Credentials). Group Policy processing aborted.
AND
Event ID:15
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
I do have the local and domain passwords but none works when I login in DC...
I have checked in one of the workstations and I got the errors:
Under SECURITY----->
event ID: 680
Logon attempt by: MICROSOFT_AUTHENTICATION_P
Logon account: xxxx
Source Workstation: 210L_001
Error Code: 0xC0000064
Other error I get also:
event ID:12
Audit Policy Change:
New Policy:
Success Failure
- - Logon/Logoff
- - Object Access
- - Privilege Use
- - Account Management
- - Policy Change
- - System
- - Detailed Tracking
- - Directory Service Access
- - Account Logon
Changed By:
User Name: MY_WORKSTATION_NAME$
Domain Name: WORKGROUP
Logon ID: (0x0,0x3E7)
For more information, see Help and Support Center at ....
under Applications Event --->
Event ID:1030
Windows cannot bind to MYDOMAINNAME (Invalid Credentials). Group Policy processing aborted.
AND
Event ID:15
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
it is possible to change the AD recovery password using the normal XP password reset tools found on a lot of bootdisks (Winternals ERD for example) but it doesnt always work. Its worth a try as if you can get in to restore mode you can probably fix it.
I'm not convinved the password is the issue though. These errors suggest the passwords/login cannot even be processed.
Can the PC ping the server or browse to it?
Try opening the servers event viewer from the PC. It may not work as you arent logged in as admin but its worth a try.
Id consider disconnecting ALL the network cables from the server and trying to log in again as no NIC often causes the server to authenticate in s slightly different way.
I'm not convinved the password is the issue though. These errors suggest the passwords/login cannot even be processed.
Can the PC ping the server or browse to it?
Try opening the servers event viewer from the PC. It may not work as you arent logged in as admin but its worth a try.
Id consider disconnecting ALL the network cables from the server and trying to log in again as no NIC often causes the server to authenticate in s slightly different way.
ASKER
totallytonto:
Yes the PC is able to ping the DC IP address...and I'm able to pull the remote but when I try to authenticate got the error authentication message..
server-ping.png
server2.JPG
Yes the PC is able to ping the DC IP address...and I'm able to pull the remote but when I try to authenticate got the error authentication message..
server-ping.png
server2.JPG
any luck without the network cables?
ASKER
totallytonto,
No luck...doesn't let me get in...
No luck...doesn't let me get in...
ASKER
Thanks to all!! will have to redo the DC...