Solved

Windows 2000/2003 domain

Posted on 2011-03-07
5
375 Views
Last Modified: 2013-12-05
Hi all,

I have a windows 2000 DC and a windows 2003 dc and a 2003 exchange server. The windows 2000 dc was installed first then the 2003 a fair few years later. This morning my 2000 dc failed to start with the error LSASS.EXE - system error, security accounts manager initialization failed because the following error: Directory services cannot start.

I have got the microsoft solution to the issue but it requires me to have the Directory services restore mode password, which i dont have as i didnt set the server up and i failed to change when server was working.

So as i understand my only option is to, demote the 2000 dc using dcpromo, will this then allow the 2000 to boot up and not require active directory to function? I have files on the 2000 that i need to get but obviously i cant get in to the server because of the issue and the forgotten password.

If someone could advise i would be grateful. Worried that if i run the dcpromo i will mess it up as not sure if the 2003 has all the required info.

cheers
0
Comment
Question by:adam2311
  • 4
5 Comments
 
LVL 3

Expert Comment

by:dtrance
ID: 35058430
The 2003 DC will contain all the directory information.  You have to demote the 2000 DC however to get it cleanly out of AD.

See the utility here to reset the password.
http://www.petri.co.il/change_recovery_console_password.htm

0
 

Author Comment

by:adam2311
ID: 35059305
If i cant log on the server how would i do this? when i normally try and start up the server i get the error screen with the above message. The only way to clear this is to restart.

With the dcpromo, can i run this on my other DC to demote the win 2000 DC? cause at the moment i can't access the failed 2000 DC.
0
 

Author Comment

by:adam2311
ID: 35067258
Where i am, still need help urgently.

I have tried to change the password using dtrance methods posted however as i can not access the 2000 dc (safemode or any mode) i can not change the restore password. I can only think i need to demote the 2000 dc but how can this be done safetly without actually getting on the 2000 dc?

Is there away to disable the active directory on the 2000 dc so it will start up as the error is the 'Directory service cannot start'

cheers
0
 

Accepted Solution

by:
adam2311 earned 0 total points
ID: 35068600
I have fixed the issue.

Basically if you do not have the restore password you are screwed. There is no way to solve this issue cleanly.

So what i did was a force remove of the DC. I firstly seized the roles and transfered them to the exisiting dc. I then followed the metadate cleanup.

First Microsoft site was to seize fsmo roles : support.microsoft.com/kb/255504

then Microsoft site support.microsoft.com/kb/216498 this cleans up the dc demotion.
0
 

Author Closing Comment

by:adam2311
ID: 35120570
I managed to read through alot of microsoft support docs and old expert articles to gather all options available to me.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every system administrator encounters once in while in a problem where the solution seems to be a needle in haystack.  My needle was an anti-virus version causing problems with my Exchange server. I have an HP DL350 with Windows Server 2008 Stand…
On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question