Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 381
  • Last Modified:

Windows 2000/2003 domain

Hi all,

I have a windows 2000 DC and a windows 2003 dc and a 2003 exchange server. The windows 2000 dc was installed first then the 2003 a fair few years later. This morning my 2000 dc failed to start with the error LSASS.EXE - system error, security accounts manager initialization failed because the following error: Directory services cannot start.

I have got the microsoft solution to the issue but it requires me to have the Directory services restore mode password, which i dont have as i didnt set the server up and i failed to change when server was working.

So as i understand my only option is to, demote the 2000 dc using dcpromo, will this then allow the 2000 to boot up and not require active directory to function? I have files on the 2000 that i need to get but obviously i cant get in to the server because of the issue and the forgotten password.

If someone could advise i would be grateful. Worried that if i run the dcpromo i will mess it up as not sure if the 2003 has all the required info.

cheers
0
adam2311
Asked:
adam2311
  • 4
1 Solution
 
dtranceCommented:
The 2003 DC will contain all the directory information.  You have to demote the 2000 DC however to get it cleanly out of AD.

See the utility here to reset the password.
http://www.petri.co.il/change_recovery_console_password.htm

0
 
adam2311Author Commented:
If i cant log on the server how would i do this? when i normally try and start up the server i get the error screen with the above message. The only way to clear this is to restart.

With the dcpromo, can i run this on my other DC to demote the win 2000 DC? cause at the moment i can't access the failed 2000 DC.
0
 
adam2311Author Commented:
Where i am, still need help urgently.

I have tried to change the password using dtrance methods posted however as i can not access the 2000 dc (safemode or any mode) i can not change the restore password. I can only think i need to demote the 2000 dc but how can this be done safetly without actually getting on the 2000 dc?

Is there away to disable the active directory on the 2000 dc so it will start up as the error is the 'Directory service cannot start'

cheers
0
 
adam2311Author Commented:
I have fixed the issue.

Basically if you do not have the restore password you are screwed. There is no way to solve this issue cleanly.

So what i did was a force remove of the DC. I firstly seized the roles and transfered them to the exisiting dc. I then followed the metadate cleanup.

First Microsoft site was to seize fsmo roles : support.microsoft.com/kb/255504

then Microsoft site support.microsoft.com/kb/216498 this cleans up the dc demotion.
0
 
adam2311Author Commented:
I managed to read through alot of microsoft support docs and old expert articles to gather all options available to me.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now