asked on Unable to login to a PC with Domain Admin Credentials
We recently changed the password on our Domain Administrator account (Administrator). However, after that, we can no longer login to any PC on the domain with domain\administrator. I can login to the Domain Controller with the credentials and when a user on the domain is prompted for Admin rights to update or install new software, the domain\administrator account credentials work.
I have verified that the trust between the domain and local PC is good. I also looked in Event Viewer on the domain and see the failed attempts for the domain login. I know the password is correct.
Any help will be appreciated.
I have verified that the trust between the domain and local PC is good. I also looked in Event Viewer on the domain and see the failed attempts for the domain login. I know the password is correct.
Any help will be appreciated.
Active DirectoryPCDomain Controller
Last Comment
Robert Wiggs
Try using the previous credentials for the Domain Admin. Most likely, the systems are logging in using the Domain Admin's cached credentials. If you can log in with the old creds, reconfigure the domain members to wait for the network at logon.
ASKER
I did try the old password, didn't work. I also changed the password again and verified the password. Still nothing.
Hey Robert, have you verified if you have any local or domain group policy for your computers OUs which prevents or deny login of domain\administrator account? It happens most like due to "Deny access to this computer from the network" or "Deny log on locally".
Its better if you can give a try on some workstation by adding domain\administrator in account in "Allow logon locally" using gpedit.msc
If still not resolved, it would be great if you can share the error message screenshot you receive while trying to login with administrator account.
Thanks
Its better if you can give a try on some workstation by adding domain\administrator in account in "Allow logon locally" using gpedit.msc
If still not resolved, it would be great if you can share the error message screenshot you receive while trying to login with administrator account.
Thanks
please share message so we can know what would be the cause.
note if your administrator have sufficient right and network connectivity between PC and domain controller. it should work.
cross check the connectivity once
note if your administrator have sufficient right and network connectivity between PC and domain controller. it should work.
cross check the connectivity once
Side note...
If you log into an infected computer with DA you run the risk of spreading these nasties to your whole environment. Please see: https://www.experts-exchange.com/articles/29366/Delegation-the-proper-way.html
In regards to the Deny log on locally and Allow log on locallly, please see:
https://www.experts-exchange.com/articles/29515/Active-Directory-Simple-Tier-Isolation.html
If you log into an infected computer with DA you run the risk of spreading these nasties to your whole environment. Please see: https://www.experts-exchange.com/articles/29366/Delegation-the-proper-way.html
In regards to the Deny log on locally and Allow log on locallly, please see:
https://www.experts-exchange.com/articles/29515/Active-Directory-Simple-Tier-Isolation.html
ASKER
AKS - Its not a GPO. I was able to log onto the PC with the Domain Admin account before I changed the password.
Shaun Vermaak - The PC is connected to the network. I can log into the PC with my domain account and access network resources.
For the Side Note, I understand the risk.
Shaun Vermaak - The PC is connected to the network. I can log into the PC with my domain account and access network resources.
For the Side Note, I understand the risk.
I understand that you checked the trust but...
Can you still log in with the old password? If so you probably logging in with cached credentials
Can you still log in with the old password? If so you probably logging in with cached credentials
ASKER
Shaun, I have tried to log in with the old password and it did not work.
Try disabling Client AV/Firewall and logging on.
ASKER
Tried that. It didn't work.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Try username as administrator@domain.com
HI Robert - V curious about how you went with this
ASKER
I removed domain admin from the local admin group and re added it. This solved the issue.
Thank you
Thank you