Solved

Reset the local administrator password on a domain controller that is about to be demoted

Posted on 2011-03-04
Last Modified: 2012-05-11
Hi All;

We have Win2k3 Server acting as a Domain controller & SQL 2005 Server, and want to demote the server to be a SQL box only. Since nobody knows what the local admin password was prior to making it a domain controller, we want to know how we can reset it.

So when we demote the server we can log in locally using the local password and re-join it to the domain.

Thanks

Adam
0
Question by:atigris
13 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 283 total points
ID: 35039692
When you dcpromo the server you have to set the password.  Before running dcpromo there is no local admin password as the server is a Domain Controller and can't be logged on to locally.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35039715
For more info - please read the following link:

http://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35039738
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35039756
When you demote the domain controller, it will only be a member server instead of a DC - it will still be part of the domain. However, if you still would like to reset the local admin password then you can do so after demoting the server.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 35039761
You can try ERD Commander; I know that it works on Server 2003. But I'm not sure if it will work on a DC, as you don't have local users. But it is worth a try.

Cheers,
Hendrik Wiese
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 35039768
You can download ERD Commander at the following link: http://www.fullandfree.info/software/erd-commander-2005/
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35039789
Forcefully demote a Windows Server 2003 domain controller


http://blogs.technet.com/b/asiasupp/archive/2006/09/06/454327.aspx

Scenario 1: If the domain controller can boot into normal mode:
1. Click Start, click Run, and then type the following command:
        dcpromo /forceremoval
2. Click OK. If Certificate Services is not removed, you will get a message to remove it first. If FSMO roles/GC are not seized from the DC, you will get a message to transfer the roles to another DC.
3. At the Welcome to the Active Directory Installation Wizard page, click Next.
4. At the Force the Removal of Active Directory page, click Next.
5. In Administrator Password, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click Next.
6. In Summary, click Next.
7. When it finishes, click Finish and reboot the computer.

--------------------------------------------------------------------------------
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35039810
You only want to do the forceremoval if a graceful demotion doesn't work. After a force you have to clean up metadata etc.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35039824
As I have already stated - When demoting a Domain Controller - part of the process involves setting the local admin password.

No 3rd party tools are needed.
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 167 total points
ID: 35039879
I have never seen so many pointless, misleading and incorrect posts in one thread!!

The very first post by alanhardisty is the ONLY post that needed to be in this thread! Then it's followed by a pile of duff info from people who guess at the answer, it seems.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35039916
Thanks Neilsr for posting that before I did.  I can't believe there are so many 'experts' who clearly don't have a clue about what they are doing but are willing to post advice as if they do!!

It's bad enough that people Google and post the first thing that comes up, but people are just posting complete rubbish here and it demonstrates that they have no knowledge of the subject at hand.

Experts - before you post - be sure of your 'facts', at best, you might just make a fool of yourselves, at worst you might be posting dangerous and damaging advice.

If you haven't got a clue - click on Monitor to learn from the question.
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 50 total points
ID: 35040603
Be very careful when demoting a server which has other services on it that require authentication.

SQL may also have reporting services installed, which requires IIS. When you promote or demote a DC with IIS on it, it makes changes to IIS.

Authentication also changes, as instead of using a local copy of ADDS it now needs to go somewhere else.
0
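A pre-demotion check for the concern raised in the comment above, added here as an example that is not part of any poster's reply: it records which services log on with something other than the built-in service accounts, plus the SQL Server and IIS services, so the same list can be rechecked after dcpromo. It assumes PowerShell 2.0 or later is installed on the server; the watched service names assume default instances and the output path is hypothetical.

```powershell
# Added example: inventory service logon accounts before demoting the DC.
# Assumptions: PowerShell 2.0+, default-instance service names, hypothetical output path.

# Built-in service accounts that do not depend on domain or local user accounts
$builtin = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')

# Services worth tracking regardless of logon account (assumed default-instance names
# for SQL Server 2005, SQL Agent, Reporting Services and IIS 6)
$watch = @('MSSQLSERVER', 'SQLSERVERAGENT', 'ReportServer', 'W3SVC', 'IISADMIN')

$report = Get-WmiObject -Class Win32_Service |
    Where-Object {
        # Keep services running under a named account, and every watched service
        ($_.StartName -and ($builtin -notcontains $_.StartName)) -or
        ($watch -contains $_.Name)
    } |
    Select-Object Name, DisplayName, StartName, StartMode, State |
    Sort-Object StartName, Name

# Show the list on screen and keep a copy to compare against after the demotion
$report | Format-Table -AutoSize
$report | Export-Csv -Path 'C:\Temp\services-before-demotion.csv' -NoTypeInformation
```

Running the same query after the demotion and comparing the two CSV files shows any service whose logon account or state changed.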
 
LVL 2

Author Closing Comment

by:atigris
ID: 35060965
I was able to set the password during the dcpromo wizard. Thanks
0
