I have a new client that is in a hard position with their previous IT management company. The previous company is refusing to release any administrative usernames or passwords for any computer. This is only a problem for one, the PDC, which is also a database server for their POS system. This is a crappy situation to be in.
I'm a Linux guy by trade, so I'm not super familiar with Windows environments. I know that I can image the disks and then load them into new hardware, and I know I can boot from the "Offline Windows Password & Registry Editor" boot CD and rewrite the admin password. However, what I don't know is if that admin account is only for the local machine or if it's for the domain as well.
I set up a test Windows Server 2008 R2 PDC at the office and proceeded to rewrite the password using the disk mentioned above. However, upon rebooting I still could not log in to the local computer. The Windows server wanted me to log in as DOMAIN/Administrator and I only overwrote the password for LOCAL/Administrator. So I'm somewhat at a loss on how to gain access to the system. How can I overwrite the password for the DOMAIN/Administrator account? Or, the better question is: given complete physical access, how does one gain access to a Windows Server Primary Domain Controller?
I'll start by expressing my agreement with other posters who are cautioning you that you may be causing more harm than good tinkering with low level stuff like this outside your area of expertise. You can really mess things up if you're not careful and change a server that's working into a smoking pile of wreckage. Proceed only with caution.
Your offline password reset has reset the password for the local "Administrator" account. This account is only used for Directory Services Restore Mode, as Shane Madden points out. You should be able to press F8 during boot, select Directory Services Restore Mode, and log on with "Administrator" and the password you set.
Once you're logged in you can use a trick to change the domain Administrator account's password on the next boot. Open an elevated command prompt and execute the following:
sc create resetpw binPath= "C:\WINDOWS\system32\net user administrator p@ssw0rd" start= auto
(Be sure to get all the spaces after each of the equals signs.) Reboot the machine in normal mode. This "service" you created will execute and reset the "Administrator" password to, in this case, "p@ssw0rd" (w/o quotes). It's sensible to use a "strong" password like that one rather than, say, "password", because there may be a domain password policy that prevents you from resetting the password to a "weak" password.
You should be able to log on with the domain Administrator credential after you boot. You can remove your "service" by executing
sc delete resetpw
from an elevated command prompt. (I don't have a scratch W2K8 domain controller sitting around right now, and I'll freely admit that I haven't tested what I'm describing above on W2K8. It works on W2K3 and I strongly suspect it'll work fine on W2K8, too.)
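The two-phase procedure above (stage the reset from DSRM, reboot, then clean up), written out as a PowerShell script. This is an added example and is not code from the answer or from Microsoft; the service name "resetpw", the placeholder password, and the function names are assumptions. It adds the checks a practitioner would want: it confirms sc.exe accepted the definition before rebooting, and it verifies that the service really has been removed afterwards.

```powershell
# Added example (not part of the original answer).
# Phase 1 runs from an elevated prompt while booted into Directory Services
# Restore Mode (F8 at boot) on the domain controller.
# Phase 2 runs after the normal-mode reboot, once the domain Administrator
# logon works again.

function New-ResetPasswordService {
    param(
        # Hypothetical service name; any unused name will do.
        [string]$ServiceName = 'resetpw',
        # Placeholder. Must satisfy the domain password policy, otherwise
        # "net user" fails at boot and nothing is reset.
        [Parameter(Mandatory)][string]$NewPassword
    )

    # Resolve net.exe from %SystemRoot% instead of hard-coding C:\WINDOWS.
    $netExe  = Join-Path $env:SystemRoot 'System32\net.exe'
    $binPath = "$netExe user Administrator $NewPassword"

    # sc.exe requires the space after "binPath=" and "start=".
    # PowerShell passes $binPath as a single quoted argument, which is
    # exactly the form shown in the answer.
    sc.exe create $ServiceName binPath= $binPath start= auto
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe create failed with exit code $LASTEXITCODE"
    }

    # Show what the Service Control Manager will execute at next boot so the
    # command line can be eyeballed before rebooting.
    sc.exe qc $ServiceName
}

function Remove-ResetPasswordService {
    param([string]$ServiceName = 'resetpw')

    # Expected: the service exists but shows a start failure, because net.exe
    # is not a real service binary. The "net user" command has still run by
    # the time the SCM gives up waiting for it.
    Get-Service -Name $ServiceName -ErrorAction SilentlyContinue |
        Format-List Name, Status, StartType

    sc.exe delete $ServiceName
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe delete failed with exit code $LASTEXITCODE"
    }

    # Verify the one-shot service is really gone so it cannot run again.
    if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
        throw "Service $ServiceName still present after delete"
    }
    Write-Host "Service $ServiceName removed."
}

# Phase 1 (in DSRM):
#   New-ResetPasswordService -NewPassword 'Ch4nge-Me-Now!'
#   Restart-Computer
# Phase 2 (after a normal boot, logged on as the domain Administrator):
#   Remove-ResetPasswordService
```

Because the service runs as LocalSystem at boot, the reset happens before anyone logs on, which is the whole point of the trick. Change the domain Administrator password again through the normal tools once you are in, since the placeholder was typed into a script and has now been seen by whoever read the service definition.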
Well, first off: sounds like your client needs to get the lawyers involved.
On the technical side of things: Windows domain controllers do not have local users after being made into domain controllers. So, there's no way to log in as a local user whatsoever, with one exception: Directory Services Restore Mode.
If you press F8 during boot (right as Windows gets started), domain controllers have a special option for Directory Services Restore Mode. When booted into that mode, one "local" account is accessible: Administrator. This is the DSRM account that is set when the domain controller is originally promoted, but should have been reset by your password change on the local database. This should get you into the system: reset the domain Administrator account, and then reboot back into normal mode.
Refer the client to someone who actually knows the technology that they need help with? If I were an electrician, and had a client that needed a plumber, I wouldn't be buying pipe wrenches and Time-Life DIY books on my way to their site.
Not to sound harsh, but from the way you phrased the question (calling it a PDC, not knowing that a DC no longer has local accounts at all), you're out of your depth and will be doing a disservice to your client.