Domain controller unavailable - How to fix?



Are you certain you did not have a local account? You would have needed this to join the domain initially - along with the necessary domain credentials.

Have you tried all admin accounts which exist on your domain to ensure there are no cached credentials on the laptop?

Very worst case scenario, there is some... software... you can get out there which will let you create an account with full admin access... regardless of your current rights. I'd suggest you Google for this as I'd not be allowed to "share" this...

The account you are logging in with is cached. The computer cannot connect to the DC for a few reasons: the time being off by more than 10 minutes, it is not getting an IP address, or the computer account has been removed from the domain.

Check your settings (DNS, IP, date/time, computer account in AD); I am sure you will find it.

Remove from domain.

Log in with local account.

Join domain.

We have this issue at work a lot. It's where the Installation Team change the computer name and join the AD without rebooting in between. Pretty sure there's some SID problems in there too though.

This is a very good one. It's included with the Ultimate Boot CD for Windows. Might be worthwhile to have the entire UBCD4Win at your disposal, but for this specific purpose, the utility by itself should do. Here's a link to the password reset tool: http://pogostick.net/~pnh/ntpasswd/

I personally use ERD Commander to change passwords. There are many ISOs out there in the world; however, it was not/is not a free solution. Did you check the date and time in the BIOS of the PC to make sure it is on the same date and time as your server?

It is also very important that your DNS entries point to AD DNS servers, no other DNS servers. Your AD should redirect to external DNS for internet name resolution. If you have DHCP enabled and it doesn't do this now, change it so that it does, power off the PC, power on the PC and log on.
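The checks suggested in the replies above (DNS, IP, date/time, computer account in AD, and DNS pointing only at AD DNS servers) can be run in one pass. This is an added example, not part of the original posts; it is read-only, assumes Windows 8 / Server 2012 or later and an elevated PowerShell prompt, and the `$MaxSkewSeconds` parameter is a name chosen here.

```powershell
# Added example: read-only checks, run from an elevated prompt on the workstation.
param(
    # Kerberos default "Maximum tolerance for computer clock synchronization" is 5 minutes.
    [int]$MaxSkewSeconds = 300
)

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { Write-Warning 'Not joined to a domain.'; return }
$domain = $cs.Domain

# 1. IP and DNS: every listed server should be an AD DNS server.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Can the client find a domain controller through DNS?
$srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' })
if ($srv.Count -eq 0) {
    Write-Warning "No DC SRV records for $domain. Check the DNS servers listed above."
    return
}
$dc = $srv[0].NameTarget
Write-Host "Using domain controller: $dc"

# 3. Clock offset against that DC (w32tm prints lines such as "12:00:00, +00.0012345s").
$sample = w32tm /stripchart /computer:$dc /samples:1 /dataonly |
    Select-String -Pattern '([+-]\d+\.\d+)s' | Select-Object -Last 1
if ($sample) {
    $skew = [math]::Abs([double]::Parse($sample.Matches[0].Groups[1].Value,
        [cultureinfo]::InvariantCulture))
    if ($skew -gt $MaxSkewSeconds) { Write-Warning "Clock is off by $skew s. Fix date/time first." }
    else { Write-Host "Clock offset OK ($skew s)." }
} else {
    Write-Warning "No time sample from $dc (blocked, unreachable, or time service down)."
}

# 4. Computer account / secure channel to the domain.
try {
    if (Test-ComputerSecureChannel) { Write-Host 'Secure channel OK.' }
    else {
        Write-Warning 'Secure channel broken: computer account password mismatch or account removed.'
        # Test-ComputerSecureChannel -Repair -Credential (Get-Credential) resets it without a rejoin.
    }
} catch {
    Write-Warning "Secure channel test failed: $($_.Exception.Message)"
}
```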

  On 11/02/2010 at 17:26, TurboTuna said:

This is an internet forum. If you feel insulted you shouldn't be on the internet. Sorry....

Was it really that hard to google and do a little research, though? They all do the same thing.

I come to Neowin for informed opinions that I can trust in a hurry. Thanks sc302, I think my boss said something one time about actually having ERD Commander. I'll ask him tomorrow.

  On 10/02/2010 at 23:46, Mystic said:

There was an initial local account (an ITS one) but it is locked.

I do believe it's pretty much impossible to lock out the local admin account -- IN SAFE MODE.

I am assuming IT set up the machine, and would either use a default administrator password, or record what they are when installed, etc. In safe mode you can log in with the local admin account even if it is disabled. I just tested this -- disabled the local admin, logged out - tried to log in, stated it was locked/disabled, etc. Boot into safe mode and shazam.

As long as you know what the password is ;) As you can see I logged with a disabled account - in safe mode ;)

You cannot delete the built-in admin account; you can rename it, sure - so it might not be administrator, etc.

In our office we often have the same situation you are describing. The local admin account gets renamed when the laptops are re-imaged, and the password is randomized periodically. Also, the local admin account is locked, unless you boot up in safe mode (like Budman explained).

So, when our ITS builds the laptops and stores them, or users keep the divisional laptops stashed away in the cupboard for months, we face the same issue. The only solution we have, short of re-imaging the laptop, is to use a boot CD that allows you to reset the local admin's password. ERD Commander, PNordahl (3mb iso, takes <1 min to fix it with this),... there are plenty. These are approved by our Operational Security. Boot from the CD, reset the password, then boot in Safe Mode and you can create a new account, remove the PC from the domain, etc... You can do whatever you need to fix the issue.

I was hoping to have an update for you guys today but no luck. Unfortunately ERD Commander was taking FOREVER to load up and was only about half way loaded after 10 minutes at the loading screen. Other than that, I didn't have time to mess with it today as I was on the phone with a Dell rep for most of my shift. I'll post back on Thursday if I have time to work on the issue.

Thanks guys, I was able to get logged in (in safe mode) after changing the password with ERD Commander. From there I was able to leave the domain and rejoin it. So far I haven't seen the domain controller errors, so I hope we are good to go at least for that room. I did start getting that domain controller error in another classroom this morning, so I will have to try that computer again tomorrow to see if the error is still showing up.

Instead of killing the local\administrator account, just rename it and disable it. Rotate the password for the local\administrator account using a logon script. Use a 16-character-long complex password.

AutoIt can compile batch scripts into an .exe file, which is encrypted.
