Solved

Administrator on windows 2008 r2

Posted on 2014-04-27
7
211 Views
Last Modified: 2014-05-09
I installed windows 2008 r2 in my lab and set the password for user Administrator to Password1.

I then setup active directory, dc promo and dns.

I set the domain Administrator password to Password2.

But when  I login to the domain after installing active directory I can only login using user Administrator password Password1. that doesnt make sense - i set the domain user password to password1, whats going on here?
0
Comment
Question by:Ikky786
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 40026309
> when  I login to the domain

the common reason is that you forget to give the domain name at the login window. try log on as DomainName\UserName instead of only UserName.
0
 
LVL 16

Accepted Solution

by:
R. Andrew Koffron earned 500 total points
ID: 40026311
I believe when you promote a first domain controller, it converts the administrator account to to the domain, and removes local security basically making it a machine with no useful access to local security, it's more technical than my explanation, but that's expected behavior.
0
 
LVL 7

Expert Comment

by:Delete
ID: 40026322
R. Andrew Koffron is correct.  When you entered "Password2" are you sure it wasn't for the DSRM account?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40026350
When you promote a server to DC, the local administrator account is disabled. That's why you can't login locally.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40026496
that is unless the local administrator is the only account on the machine and there is another administrator role user on the machine then dcpromo will not disable the local administrator account or more precisely it will be promoted to an enterprise administrator account on the domain. The password you enter during DCPROMO is the DSRM password and not the administrator password. (as pointed out above)
0
 
LVL 16

Expert Comment

by:gurutc
ID: 40026974
Hi,

Long story short is you shouldn't have local accounts with the same name as domain accounts.  Many applications including SQL Server will get confused between local and domain accounts and end up locking the domain, local or  both accounts if the passwords are different.

If you want a domain administrator account don't call it administrator!

- gurutc
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 40027303
Again, you can't have usable Local security accounts on a DC, might sorta be able to make a read only controller with local security, but not on an actual Domain Controller.

When you dcpromo a machine the local security is copied into the AD and Disabled. the only time it can be accessed is in Directory restore mode. but it isn't a functional DC while in restore mode.

The Main "Administrator" (whatever you name it or them) is made into the Domain admin during the promotion process. You can't have local access to the Domain Controller. so probably the second account is just a domain account(with whatever permission and password) it had before the promotion.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Suggested Courses

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question