Solved

win 2003 server password gone/changed

Posted on 2011-02-20
Last Modified: 2012-05-11
Some background: small classroom domain. Had one server with pw xxx, which was the admin domain pw. Some time ago I added another server, and changed the domain pw to xxx* (added a character). The first server has always worked fine, til today. The second has had problems, which I had been working on. Both active directory, dns, and I wanted them to both be DC, with goal of moving all to the new server. In AD they are both listed as DC, ping to FQDN was good, dns showed both, etc. But errors were that active directory wasn't available on the second server.
So I was looking into tools like dcdiag, and came to adsiedit. I saw some IP entries on server 2 which were first attempts when setting up, and were now incorrect so I deleted them. I compared settings between the two servers and basically made all the same. No joy, so with a headache I left last night while server1 ran updates and rebooted.
Now, I cannot login to server1 at all.  I can login to server2, but only with the Old pw from a year ago.  ???
And, student profiles do not load, which are on server1.
I did nothing to change any passwords, to my knowledge.
I need help, very quickly.   PM's???  

Edit: server1 is installed on an older hp desktop, not an actual server machine. So bios is not a server bios; don't know if that helps. One of the reasons I wanted to change things. If it matters it's an easy thing to take the hd out and slave it, so program paths and profiles can be seen and copied if need be. But it's a license server also and I need those to run.
Question by:JerryC101
LVL 47

Expert Comment

by:Donald Stewart
ID: 34939870
Have you tried the Offline NT password and registry tool?


http://www.pogostick.net/~pnh/ntpasswd/
 

Author Comment

by:JerryC101
ID: 34939902
No; looks interesting.  
I was just going to edit again but now can't, so followup:
I've used in a working AD lab, in a command line, 'net user <userxxx> *' and it asks for a pw, then enter again and it changes for the domain with no other effects. I was thinking of trying that, but don't want to make things worse. What do you think?
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 34939918
Whichever way that you are allowed to change the password is what I would go with. Offline NT allows you to boot into a DOS environment and either "Blank" the password or change it. Blanking it is more successful.

 

Author Comment

by:JerryC101
ID: 34940009
Going to try the one above shortly; will let you know.  
On that page there is a link to jms etc that's for AD pw; the anti-v won't let me go there, says the link is a threat. Do you have any comments? I can disable the anti-v if it's a valid site.
 

Author Comment

by:JerryC101
ID: 34940013
AD=Active Directory
 

Author Comment

by:JerryC101
ID: 34940176
I just got back to that lab and tried logging in to 'old' server1, using any pw I could recall and other admin user also. Fail. I logged in to the 'new' server2 using its long out of date pw, and ran the cmd line as noted above. I gave it the pw that had been the correct one til today. It sat there a bit, a much longer bit than any earlier time I have done this, and then said 'command completed successfully'. I then was able to login to server1. Yay!
Now to see if anything else works.
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34940177
Not sure where you're getting "Jms" from, but yes, anti-viruses do flag this because of what it does (reset passwords).
 

Author Comment

by:JerryC101
ID: 34940265
Under 'other places to go' on that site, it's jms1.net.  Oddly, on this computer I can get to it; on the earlier computer in another room but running the same anti-v, it gave the warning.

Well; now I can login to each server, and RDC also. But the students cannot login; the comps cannot see the domain. I am now getting the dns error msg on server1 that I had been trying to troubleshoot on server2, when it was not running AD.
There are no forward or reverse zones, and I cannot create them on either server. 'Zone cannot be replicated.... the application directory partition does not exist. Only Enterprise Admins (which I am) have permissions...' etc. Google shows that others have had this; I have not seen any fixes. Some seem to have re-done dns completely but they did not post back, so I am not sure.
At this point, should I start a new thread, as the issue is quite different?
Thanks for your help so far.
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34940283
Yes, starting another thread will also generate more users looking at it.


Question has a verified solution.
