Home / server / Questions / 143412
Accepted
Billy ONeal
Asked: 2010-05-20 06:47:05 +0800 CST

How can I log in to a malfunctioning domain controller?

  • 772

I have a setup here with a single domain controller and 4 servers which were whithin it's domain. The servers were brought down and are being repurposed, but we would like to keep backups of the machines around.

I am going through one by one and taking the backups, which requires that I login to these machines. I've been able to login to all the servers, except the domain controller. The domain controller itself seems to have not started all it's active directory services, and when one tries to login, it complains that the system cannot log you on now because the domain XXXXX is not available.

How can I login to this box?

Billy3

windows-server-2003 active-directory

5 Answers

  1. Best Answer

    Start it in Directory Services Restore Mode (by pressing F8 at boot time), and you'll be able to log on using the DSRM password you chose during Active Directory setup.

    Of course you remember that password, don't you? ;-)

    (Almost no one seems to remember it when it's actually needed, i.e. when it's the only way to log on to a dead DC...)

    • 4

  2. I actually had a similar issue this weekend - in my case, I had brought the DC up without a network connection by accident (the switch hadn't finished powering up). I rebooted it with the net connection active and it worked fine after that.

    • 1

  3. Not sure with a DC, but if you unplug the network cable and login to a domain, sometimes you'll get lucky and the cached credentials will be there, allowing you to login; you need to know the password though.

    Finally if it's just data, you may have some luck with CloneZilla to Acronis to mount/create an image of the disk(s).

    EDIT:

    My boot disk suggestion was incorrect, but this method may work for you: http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

    • 0

  4. In my opinion you need to figure out what services are availble, and what is broken.

    Is DNS running on the Domain Controller or on another box?

    Is the "domain" still active - can you ping the domain? What domain related errors are in the event logs on the other servers?

    Is your workstation part of the domain? Can you log in over the network from one of the other servers?

    Can you mount a share on the dc? (eg net use * \dc\c$ /user:domain\admin)

    Can you open a term-server connection (assuming this was turned on...)

    Type: dcdiag.exe /s:[domain controller] What fails? (you may need to go to Microsoft to find this tool)

    Along other lines, http://www.joeware.net/freetools/tools/findpdc/index.htm

    Sorry no real help here - this is how I would start to work on this.

    • 0

  5. Don't forget that the default username = administrator and the password = what you put in for the directory services restore mode password when you created the DC.

    BW

    • -1