Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Administrator on windows 2008 r2

Posted on 2014-04-27
7
Medium Priority
?
214 Views
Last Modified: 2014-05-09
I installed windows 2008 r2 in my lab and set the password for user Administrator to Password1.

I then setup active directory, dc promo and dns.

I set the domain Administrator password to Password2.

But when  I login to the domain after installing active directory I can only login using user Administrator password Password1. that doesnt make sense - i set the domain user password to password1, whats going on here?
0
Comment
Question by:Ikky786
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 40026309
> when  I login to the domain

the common reason is that you forget to give the domain name at the login window. try log on as DomainName\UserName instead of only UserName.
0
 
LVL 16

Accepted Solution

by:
R. Andrew Koffron earned 2000 total points
ID: 40026311
I believe when you promote a first domain controller, it converts the administrator account to to the domain, and removes local security basically making it a machine with no useful access to local security, it's more technical than my explanation, but that's expected behavior.
0
 
LVL 7

Expert Comment

by:Delete
ID: 40026322
R. Andrew Koffron is correct.  When you entered "Password2" are you sure it wasn't for the DSRM account?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40026350
When you promote a server to DC, the local administrator account is disabled. That's why you can't login locally.
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40026496
that is unless the local administrator is the only account on the machine and there is another administrator role user on the machine then dcpromo will not disable the local administrator account or more precisely it will be promoted to an enterprise administrator account on the domain. The password you enter during DCPROMO is the DSRM password and not the administrator password. (as pointed out above)
0
 
LVL 16

Expert Comment

by:gurutc
ID: 40026974
Hi,

Long story short is you shouldn't have local accounts with the same name as domain accounts.  Many applications including SQL Server will get confused between local and domain accounts and end up locking the domain, local or  both accounts if the passwords are different.

If you want a domain administrator account don't call it administrator!

- gurutc
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 40027303
Again, you can't have usable Local security accounts on a DC, might sorta be able to make a read only controller with local security, but not on an actual Domain Controller.

When you dcpromo a machine the local security is copied into the AD and Disabled. the only time it can be accessed is in Directory restore mode. but it isn't a functional DC while in restore mode.

The Main "Administrator" (whatever you name it or them) is made into the Domain admin during the promotion process. You can't have local access to the Domain Controller. so probably the second account is just a domain account(with whatever permission and password) it had before the promotion.
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question