Link to home
Start Free TrialLog in
Avatar of Robert Wiggs
Robert WiggsFlag for United States of America

asked on

Unable to login to a PC with Domain Admin Credentials

We recently changed the password on our Domain Administrator account (Administrator). However, after that, we can no longer login to any PC on the domain with domain\administrator. I can login to the Domain Controller with the credentials and when a user on the domain is prompted for Admin rights to update or install new software, the domain\administrator account credentials work.

I have verified that the trust between the domain and local PC is good. I also looked in Event Viewer on the domain and see the failed attempts for the domain login. I know the password is correct.

Any help will be appreciated.
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

Try using the previous credentials for the Domain Admin. Most likely, the systems are logging in using the Domain Admin's cached credentials. If you can log in with the old creds, reconfigure the domain members to wait for the network at logon.
Avatar of Robert Wiggs

ASKER

I did try the old password, didn't work. I also changed the password again and verified the password. Still nothing.
Hey Robert, have you verified if you have any local or domain group policy for your computers OUs which prevents or deny login of domain\administrator account? It happens most like due to "Deny access to this computer from the network" or "Deny log on locally".

Its better if you can give a try on some workstation by adding domain\administrator in account in "Allow logon locally" using gpedit.msc

If still not resolved, it would be great if you can share the error message screenshot you receive while trying to login with administrator account.

Thanks
Avatar of SAM IT
SAM IT

please share message so we can know what would be the cause.

note if your administrator have sufficient right and network connectivity between PC and domain controller. it should work.

cross check the connectivity once
Side note...
If you log into an infected computer with DA you run the risk of spreading these nasties to your whole environment. Please see: https://www.experts-exchange.com/articles/29366/Delegation-the-proper-way.html

In regards to the Deny log on locally and Allow log on locallly, please see:
https://www.experts-exchange.com/articles/29515/Active-Directory-Simple-Tier-Isolation.html
AKS - Its not a GPO. I was able to log onto the PC with the Domain Admin account before I changed the password.

Shaun Vermaak - The PC is connected to the network. I can log into the PC with my domain account and access network resources.

For the Side Note, I understand the risk.
I understand that you checked the trust but...
Can you still log in with the old password? If so you probably logging in with cached credentials
Shaun, I have tried to log in with the old password and it did not work.
Try disabling Client AV/Firewall and logging on.
Tried that. It didn't work.
ASKER CERTIFIED SOLUTION
Avatar of mbkitmgr
mbkitmgr
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Try username as administrator@domain.com
HI Robert - V curious about how you went with this
I removed domain admin from the local admin group and re added it. This solved the issue.

Thank you