Windows Server 2008 R2 Thread, Locked out of DC in Technical
25th February 2013, 11:33 AM #1
Locked out of DC
I've been a silly boy. Luckily this is in a test environment so it's not too much of an issue, but I would like to learn how to repair if possible:
We have a fresh R2 server set up with AD services, replicating with a main DC. We had another test machine, a client, set up with the SAME computer name on the domain. Was set up a few weeks ago and forgotten about. I renamed the client box to avoid the duplicate name, which has obviously taken the name out of AD, so the replicating AD server can no longer log in as the "security database on the server does not have a computer account on the domain". D'oh.
I cannot log in locally, either as the domain admin, or .\admin. Cannot log in under safe mode with networking. I can log in with straight safe mode, but cannot do much as networking is not loaded.
What is the correct way to fix this stupid mistake?
25th February 2013, 11:46 AM #2
Is the DC doing anything other than AD Controller? (The one you can't log in to?)
25th February 2013, 11:48 AM #3
No, just AD / DNS replica
25th February 2013, 11:51 AM #4
25th February 2013, 12:10 PM #5
Can't you just create a new computer account for it in AD?
25th February 2013, 12:15 PM #6
I don't think that would work (IMO, again, could be wrong). AD computers are special ones I think and can't just be Right Clicked > New Computer...
Originally Posted by detjo
25th February 2013, 12:18 PM #7
Yea, wouldn't surprise me. Was looking for an easy way out really. I'd still give it a go, just in case.
Originally Posted by mmoseley
25th February 2013, 12:25 PM #8
What server version is the other DC, as you may be able to retrieve the computer account from AD recycle bin? Failing that, I assume being a test it's not backed up so you can't roll back to a previous version of AD?
25th February 2013, 02:47 PM #9
The other DC is straight 2008 (not R2). Making a new computer account does not work FYI.
Not to worry - was a test box so will re-do it.
25th February 2013, 03:52 PM #10
I'm surprised you were able to add a workstation with the same name as a DC... if it's that easy to break a domain, I'm surprised no students have thought of this before.
When removing from the domain, the computer object is disabled and not removed as such. I'm not sure if there's something you can run in PowerShell or a CD you can boot from. I think this is more so for resetting passwords rather than re-enabling computer objects - especially for a DC.
Also for your reference, you can't log in locally to a DC. Only member servers or workstations.