Solved

win 2003 server password gone/changed

Posted on 2011-02-20
9
734 Views
Last Modified: 2012-05-11
some background; small classroom domain.  had one server with pw xxx, which was the admin domain pw.  some time ago I added another server, and changed  the domain pw to xxx* (added a character).   the first server has always worked fine, til today.  The second has had problems, which I had been working on.   both active directory, dns, and I wanted them to both be DC, with goal of moving all to the new server.  In AD they are both listed as DC, ping to FQDN was good, dns showed both, etc.  But errors were that active directory wasn't available on the second server.  
So I was looking into tools like dcdiag, and came to adsiedit.  I saw some  IP entries on server 2 which were first attempts when setting  up, and were now incorrect so I delteted them.  I compared settings between the two servers and basically made all the same.  No joy, so with a headache I left last night while server1 ran updates and rebooted.
Now, I cannot login to server1 at all.  I can login to server2, but only with the Old pw from a year ago.  ???
And, student profiles do not load, which are on server1.
I did nothing to change any passwords, to my knowledge.
I need help, very quickly.   PM's???  

edit; server1 is installed on an older hp desktop, not an actual server machine.  So bios is not a server bios; don't know if that helps.  One of the reasons I wanted to change things.  If it matters  it's an easy thing to take the hd out and slave it,  so program paths and profiles can be seen and copied if need be.  But it's a license server also and I need those to run.
0
Comment
Question by:JerryC101
  • 5
  • 4
9 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34939870
Have you tried the Offline NT password and registry tool?


http://www.pogostick.net/~pnh/ntpasswd/
0
 

Author Comment

by:JerryC101
ID: 34939902
No; looks interesting.  
I was just going to edit again but  now can't, so followup;
I've used in a working AD lab, in a command line, ''net user <userxxx> *' and it asks for a pw, then enter again and it changes for the domain with no other effects.  I was thinking of trying that,, but don't want to make things worse.   What do you think?
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 34939918
Which ever way that you are allowed to change the password is what I would go with. Offline NT allows you to boot into a dos environment and either "Blank" the password or change it. Blanking it is more successful.
0
 

Author Comment

by:JerryC101
ID: 34940009
Going to try the one above shortly; will let you know.  
On that page there is a liink to jms etc that's for AD pw; the anti-v won't let me go there, says the link is a threat.  Do you have any comments?  I can disable the anti-v if it's a valid site.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:JerryC101
ID: 34940013
AD=Active Directory
0
 

Author Comment

by:JerryC101
ID: 34940176
I just got back to that lab and tried logging in to 'old' server1, using any pw I could recall and other admin user also.  Fail.  I logged in to the 'new' server2 using its long out of date pw, and ran the cmd line as noted above. I gave it the pw that had been the correct one til today.  It sat there a bit, a much longer bit than any earlier time I have done this, and then said 'command completed successfully'.    I then was able to login to server1.   Yay!
Now to see if anything else works.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34940177
Not sure where you're getting "Jms" from, but yes anti-viruses do flag this because of what it does(reset passwords)

0
 

Author Comment

by:JerryC101
ID: 34940265
Under 'other places to go' on that site, it's jms1.net.  Oddly, on this computer I can get to it; on the earlier computer in another room but running the same anti-v, it gave the warning.

Well; now I can login to each server, and RDC also.  But the students cannot login; the comps cannot see the domain.  I am now getting the dns error msg on server1 that I had been trying to troubleshoot on server2, when it was not running AD.  
There are no forward or reverse zones, and I cannot create them on either server.  'Zone cannot be replicated.... the application directory partition does not exist.  Only Enterprise Admins (which I am) have permissions... etc.  Google shows that others have had this; I have not seen any fixes.  Some seem to have re-done dns completely but they did not post back, so I am not sure.  
At this point, should I start a new thread, as the issue is quite different?
Thanks for your help so far.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34940283
Yes, starting another thread will also generate more users looking at it.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now