Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 215
  • Last Modified:

Administrator on windows 2008 r2

I installed windows 2008 r2 in my lab and set the password for user Administrator to Password1.

I then setup active directory, dc promo and dns.

I set the domain Administrator password to Password2.

But when  I login to the domain after installing active directory I can only login using user Administrator password Password1. that doesnt make sense - i set the domain user password to password1, whats going on here?
0
Ikky786
Asked:
Ikky786
1 Solution
 
bbaoIT ConsultantCommented:
> when  I login to the domain

the common reason is that you forget to give the domain name at the login window. try log on as DomainName\UserName instead of only UserName.
0
 
R. Andrew KoffronCommented:
I believe when you promote a first domain controller, it converts the administrator account to to the domain, and removes local security basically making it a machine with no useful access to local security, it's more technical than my explanation, but that's expected behavior.
0
 
DeleteCommented:
R. Andrew Koffron is correct.  When you entered "Password2" are you sure it wasn't for the DSRM account?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Tony GiangrecoCommented:
When you promote a server to DC, the local administrator account is disabled. That's why you can't login locally.
0
 
David Johnson, CD, MVPOwnerCommented:
that is unless the local administrator is the only account on the machine and there is another administrator role user on the machine then dcpromo will not disable the local administrator account or more precisely it will be promoted to an enterprise administrator account on the domain. The password you enter during DCPROMO is the DSRM password and not the administrator password. (as pointed out above)
0
 
gurutcCommented:
Hi,

Long story short is you shouldn't have local accounts with the same name as domain accounts.  Many applications including SQL Server will get confused between local and domain accounts and end up locking the domain, local or  both accounts if the passwords are different.

If you want a domain administrator account don't call it administrator!

- gurutc
0
 
R. Andrew KoffronCommented:
Again, you can't have usable Local security accounts on a DC, might sorta be able to make a read only controller with local security, but not on an actual Domain Controller.

When you dcpromo a machine the local security is copied into the AD and Disabled. the only time it can be accessed is in Directory restore mode. but it isn't a functional DC while in restore mode.

The Main "Administrator" (whatever you name it or them) is made into the Domain admin during the promotion process. You can't have local access to the Domain Controller. so probably the second account is just a domain account(with whatever permission and password) it had before the promotion.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now