[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1184
  • Last Modified:

Reset the local administrator password on a domain controller that is about to be demoted

Hi All;

We have Win2k3 Server acting as a Domain controller  & SQL 2005 Server, and want to demote the server to be SQL box only. Since nobody knows what was the local admin password prior making it a domain controller we want to know how we can reset it?

So when we demote the server we can login locally using the local password and re-join it to the domain.

Thanks

Adam
0
atigris
Asked:
atigris
  • 4
  • 2
  • 2
  • +5
3 Solutions
 
Alan HardistyCo-OwnerCommented:
When you dcpromo the server you have to set the password.  Before running dcpromo there is no local admin password as the server is a Domain Controller and can't be logged on to locally.
0
 
Alan HardistyCo-OwnerCommented:
For more info - please read the following link:

http://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx
0
 
Donald StewartNetwork AdministratorCommented:
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
TheGorbyCommented:
When you demote the domain controller, it will only be a member server instead of a DC - it will still be part of the domain. However, if you still would like to reset the local admin password then you can do so after demoting the server.
0
 
Hendrik WieseInformation Security ManagerCommented:
You can try ERD Commander, I know that it works on server 2003. But not sure if it will work on a DC as you don't have local users. But it is worth to try.

Cheers,
Hendrik Wiese
0
 
Hendrik WieseInformation Security ManagerCommented:
You can download ERD Commander at the following link: http://www.fullandfree.info/software/erd-commander-2005/
0
 
Donald StewartNetwork AdministratorCommented:
Forcefully demote a Windows Server 2003 domain controller


http://blogs.technet.com/b/asiasupp/archive/2006/09/06/454327.aspx

Scenario 1: If the domain controller can boot into normal mode:
1. Click Start, click Run, and then type the following command:
        dcpromo /forceremoval
2. Click OK. If Certificate Services is not removed, you will get a message to remove it first. If FSMO roles/GC are not seized from the DC, you will get a message to transfer the roles to another DC.
3. At the Welcome to the Active Directory Installation Wizard page, click Next.
4. At the Force the Removal of Active Directory page, click Next.
5. In Administrator Password, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click Next.
6. In Summary, click Next.
7. When it finishes, click Finish and reboot the computer.

--------------------------------------------------------------------------------
0
 
Mike KlineCommented:
You only want to do the forceremoval is  a graceful demotion doesn't work.  After a force you have to cleanup metadata etc.  
0
 
Alan HardistyCo-OwnerCommented:
As I have already stated - When demoting a Domain Controller - part of the process involves setting the local admin password.

No 3rd party tools are needed.
0
 
Neil RussellTechnical Development LeadCommented:
I have never seen so many pointless, missleading and incorrect posts in one thread!!

The very first post by alanhardisty is the ONLY post that needed to be in this thread! Then its followed by a pile of duff info from people who guess at the answer it seems.
0
 
Alan HardistyCo-OwnerCommented:
Thanks Neilsr for posting that before I did.  I can't believe there are so many 'experts' who clearly don't have a clue about what they are doing but are willing to post advice as if they do!!

It's bad enough that people Google and post the first thing that comes up, but people are just posting complete rubbish here and it demonstrates that they have no knowledge of the subject at hand.

Experts - before you post - be sure of your 'facts', at best, you might just make a fool of yourselves, at worst you might be posting dangerous and damaging advice.

If you haven't got a clue - click on Monitor to learn from the question.
0
 
Glen KnightCommented:
Be very careful when demoting a server which has other services on it that require authentication.

SQL may also have reporting services installed which requires IIS.  When you promote or demote a DC with IIS on it makes changes to IIS.

Authentication also changes, as instead of using a local copy of ADDS it now needs to go somewhere else.
0
 
atigrisAuthor Commented:
I was able to set the password during dcpromo wizard. Thanks
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 4
  • 2
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now