Solved

Administrator on windows 2008 r2

Posted on 2014-04-27
7
207 Views
Last Modified: 2014-05-09
I installed windows 2008 r2 in my lab and set the password for user Administrator to Password1.

I then setup active directory, dc promo and dns.

I set the domain Administrator password to Password2.

But when  I login to the domain after installing active directory I can only login using user Administrator password Password1. that doesnt make sense - i set the domain user password to password1, whats going on here?
0
Comment
Question by:Ikky786
7 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 40026309
> when  I login to the domain

the common reason is that you forget to give the domain name at the login window. try log on as DomainName\UserName instead of only UserName.
0
 
LVL 16

Accepted Solution

by:
R. Andrew Koffron earned 500 total points
ID: 40026311
I believe when you promote a first domain controller, it converts the administrator account to to the domain, and removes local security basically making it a machine with no useful access to local security, it's more technical than my explanation, but that's expected behavior.
0
 
LVL 7

Expert Comment

by:Delete
ID: 40026322
R. Andrew Koffron is correct.  When you entered "Password2" are you sure it wasn't for the DSRM account?
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40026350
When you promote a server to DC, the local administrator account is disabled. That's why you can't login locally.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40026496
that is unless the local administrator is the only account on the machine and there is another administrator role user on the machine then dcpromo will not disable the local administrator account or more precisely it will be promoted to an enterprise administrator account on the domain. The password you enter during DCPROMO is the DSRM password and not the administrator password. (as pointed out above)
0
 
LVL 16

Expert Comment

by:gurutc
ID: 40026974
Hi,

Long story short is you shouldn't have local accounts with the same name as domain accounts.  Many applications including SQL Server will get confused between local and domain accounts and end up locking the domain, local or  both accounts if the passwords are different.

If you want a domain administrator account don't call it administrator!

- gurutc
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 40027303
Again, you can't have usable Local security accounts on a DC, might sorta be able to make a read only controller with local security, but not on an actual Domain Controller.

When you dcpromo a machine the local security is copied into the AD and Disabled. the only time it can be accessed is in Directory restore mode. but it isn't a functional DC while in restore mode.

The Main "Administrator" (whatever you name it or them) is made into the Domain admin during the promotion process. You can't have local access to the Domain Controller. so probably the second account is just a domain account(with whatever permission and password) it had before the promotion.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question