Jump to content
The mkiv Supra Owners Club

IT Question - AD & Domain Controller

Markie

By Markie
in Off Topic

 Share

Recommended Posts

Markie Newbie

Markie

Posted
Posted

Hello IT guys...

 

I have a problem at work and was wondering if any of you guys have an idea, as I cant seem to see a way around this expect by stripping the DC stuff out of AD and a Windows re-install.

 

The problem I have is that we had a power cut, and one of the servers has come back up with an AD coruption and therefore giving me an error at Windows startup and reboots saying it need s to run the Directory Restore Mode.

 

Fair enough, no bigie... However, none knows what the DRM password is.. :search:

 

I know you can reset this password in normal circumtances using ntdsutil.exe, however the server is kackered and disables AD on start up because of coruption, therefore not able to reset the password remotely.

 

Any ideas please?

Link to comment
Share on other sites
carl0s Newbie

carl0s

Posted
Posted

I might be wrong, but I am fairly sure the "DS Restore mode" administrator password is an equivalent of a local administator password. Therefore, you could use Winternals administrator pack, or even better you could use chntpwd.exe, which I have found to be awesome.

I'll find the tool and erm, upload it in a sec.

Link to comment
Share on other sites
Markie Newbie

Markie

Posted
  • Author
Posted

Stuck at home in the snow today.. But I will try it.. I have actually tried a linux password change on the local admin account already.. Said it worked, but when it came to logging in it still did not like the password :(

 

Maybe these programs will have a better chance.

 

Does the boot disk support SCSI drives?

Link to comment
Share on other sites
carl0s Newbie

carl0s

Posted
Posted
Stuck at home in the snow today.. But I will try it.. I have actually tried a linux password change on the local admin account already.. Said it worked, but when it came to logging in it still did not like the password :(

 

Maybe these programs will have a better chance.

 

Does the boot disk support SCSI drives?

 

As long as your SCSI card supports BIOS level hdd access (int 80h/81h) - which it will do if the machine boots from it, then you'll be fine.

Link to comment
Share on other sites
carl0s Newbie

carl0s

Posted
Posted
Stuck at home in the snow today.. But I will try it.. I have actually tried a linux password change on the local admin account already.. Said it worked, but when it came to logging in it still did not like the password :(

 

Hmmm. I've had the same situation before when changing the local admin password on a domain member workstation. Worth a go though.

Link to comment
Share on other sites
MarkR Newbie

MarkR

Posted
Posted

I don't think the DS restore password is the same as the admin one. When you do a dcpromo you're prompted to enter a DS Restore password as part of the domain controller promotion process. Have you tried all the usual ones that most untrained chaps use (blank, password, admin.. etc?). Have you got more than one DC? Does this server perform any other tasks other than a dc? If so, then you could always trash it and rebuild it, then dcpromo it again.....

Link to comment
Share on other sites
carl0s Newbie

carl0s

Posted
Posted
I don't think the DS restore password is the same as the admin one.

 

I did a bit of googling, and I think it is.

 

Many documents suggest using an offline password changing tool (i.e. something which works on the SAM file directly)

 

The Administrator password that you use when you start Recovery Console or when you press F8 to start Directory Service Restore Mode is stored in the registry-based Security Accounts Manager (SAM) on the local computer. The SAM is located in the %SystemRoot%\System32\Config folder. The SAM-based account and password are computer specific and they are not replicated to other domain controllers in the domain.

Link to comment
Share on other sites
MarkR Newbie

MarkR

Posted
Posted

hmmmmmm, it's been a while, but i seem to remember the restore password staying the same even if i changed the administrator pw.... i might be wrong though. Like you said though, Winternals administrator pack is very good at changing passwords, as well as various linux utils (astrumi, backtrack etc..). I'll give it some more thought.....

Link to comment
Share on other sites
carl0s Newbie

carl0s

Posted
Posted

Well yes, the restore mode password will stay the same.

That's the point. The restore mode password is stored in the local SAM - just like local users on a workstation. The usual administator password on a DC is stored in Active Directory.

 

The following kind of comfirms it anyway, just ignore steps four onwards since he is trying to reset the Active Directory admin password, for which he needed to reset the DSRM admin password first.

 

So, steps 1 to 3 only, except that I recommend you use the tool above rather than the freeware linux based utility that this chap mentions:

http://www.petri.co.il/reset_domain_admin_password_in_windows_2000_ad.htm

Link to comment
Share on other sites
carl0s Newbie

carl0s

Posted
Posted
I don't think the DS restore password is the same as the admin one.

 

I think this is where we're getting our wires crossed. The DS restore password is the *local* admin one - i.e. it's the password you would use before you ran dcpromo, except that during dcpromo you are asked to set this to a new password.

 

It's not the same as the Active Directory admin password. It's a local admin password, just like what every workstation has..

Link to comment
Share on other sites
Markie Newbie

Markie

Posted
  • Author
Posted

Yeah, good if its true, which it seems to be. But the linux password reset I used worked well, ie. Listing the local password, saying it changed the password and written chnages back to the SAM file. But as mentioned before. It did not work :(

 

When I get back into work I will try one of them other password reset programs...

 

What a pain in the ass it all is.. :(

 

Ohh.. Just a few answers to the other questions. It is just a DC/file server. Its one of about 15 in the domain.

Link to comment
Share on other sites
carl0s Newbie

carl0s

Posted
Posted
Well, the one I downloaded off that link worked a treat. So did not purchase anything.

 

I realise that, but after posting the link for you (the link was on my server), since I was breaking the law, I suggested that you *may* want to spend $40 of your companies money on buying it ;)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. You might also be interested in our Guidelines, Privacy Policy and Terms of Use.