• Status: Solved

Domain admin password corruption/change.

I have a domain with 2 AD controllers.
Upon rebooting either controller we are not able to log into the system with the admin account.
We can change the password (to the same thing as before) on the other AD controller, and we can then log in.

I have enabled auditing on the system to see if something is changing the password (policy) and nothing is/has.

I have looked at the FSMO roles to find that the domain controller (operations masters) cannot be found (i.e., ERROR) upon reboot. If I force a sync, via Sites & Services, the FSMO roles return to normal.

I know that there is a misconfiguration someplace or some parts of the system are not communicating properly; however, there are no DNS errors to indicate a naming issue and WINS is functioning properly.

Any ideas?
 
Jeff Morlen (Network Engineer, Author) commented:
BTW: Both AD Controllers pass the DCDIAG test with no errors.
 
OriNetworks commented:
Back up the systemstate of both, remove one from the domain controller role, and see if the one DC gives you any problems. Be sure to seize all roles to this domain controller. Promote the other back to the DC role and transfer any necessary demo roles. Maybe this will sync up any problems. Other than that, any recent changes?
 
Jeff Morlen (Network Engineer, Author) commented:
That is the path that I was heading down, but was hoping that someone had seen and then fixed this.

Due to these servers being part of a network that needs to be up 24/7, maintenance will have to be scheduled.

If someone else has seen this and fixed it, please let me know ASAP.  I'll be scheduling this work to be done soon.
 
Jeff Morlen (Network Engineer, Author) commented:
Anybody else have a solution other than an AD Server rebuild?
 
OriNetworks commented:
My suggestion is just to reinstall the role, not necessarily rebuild the entire server. It may be a quicker and easier solution for you.
 
Jeff Morlen (Network Engineer, Author) commented:
Understood... however I was hoping to avoid that.
 
Jeff Morlen (Network Engineer, Author) commented:
No comments were posted as to a fix for this issue.
A rebuild of the AD structure is not a fix.