Administrator on windows 2008 r2

Posted on 2014-04-27
Medium Priority
Last Modified: 2014-05-09
I installed windows 2008 r2 in my lab and set the password for user Administrator to Password1.

I then setup active directory, dc promo and dns.

I set the domain Administrator password to Password2.

But when  I login to the domain after installing active directory I can only login using user Administrator password Password1. that doesnt make sense - i set the domain user password to password1, whats going on here?
Question by:Ikky786
LVL 37

Expert Comment

ID: 40026309
> when  I login to the domain

the common reason is that you forget to give the domain name at the login window. try log on as DomainName\UserName instead of only UserName.
LVL 16

Accepted Solution

R. Andrew Koffron earned 2000 total points
ID: 40026311
I believe when you promote a first domain controller, it converts the administrator account to to the domain, and removes local security basically making it a machine with no useful access to local security, it's more technical than my explanation, but that's expected behavior.

Expert Comment

ID: 40026322
R. Andrew Koffron is correct.  When you entered "Password2" are you sure it wasn't for the DSRM account?
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 25

Expert Comment

by:Tony Giangreco
ID: 40026350
When you promote a server to DC, the local administrator account is disabled. That's why you can't login locally.
LVL 85

Expert Comment

by:David Johnson, CD, MVP
ID: 40026496
that is unless the local administrator is the only account on the machine and there is another administrator role user on the machine then dcpromo will not disable the local administrator account or more precisely it will be promoted to an enterprise administrator account on the domain. The password you enter during DCPROMO is the DSRM password and not the administrator password. (as pointed out above)
LVL 16

Expert Comment

ID: 40026974

Long story short is you shouldn't have local accounts with the same name as domain accounts.  Many applications including SQL Server will get confused between local and domain accounts and end up locking the domain, local or  both accounts if the passwords are different.

If you want a domain administrator account don't call it administrator!

- gurutc
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 40027303
Again, you can't have usable Local security accounts on a DC, might sorta be able to make a read only controller with local security, but not on an actual Domain Controller.

When you dcpromo a machine the local security is copied into the AD and Disabled. the only time it can be accessed is in Directory restore mode. but it isn't a functional DC while in restore mode.

The Main "Administrator" (whatever you name it or them) is made into the Domain admin during the promotion process. You can't have local access to the Domain Controller. so probably the second account is just a domain account(with whatever permission and password) it had before the promotion.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question