Announcement

Collapse
No announcement yet.

Restarting a DC corrupts/resets Administrator Password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restarting a DC corrupts/resets Administrator Password

    Hi,

    I have a Windows 2000 domain comprising 2 Domain Controllers, lets call them server 1 and server 2.

    Whenever I restart Server 1 the domain administrator password no longer works and I have to reset it.

    Both DCs are fully patched and up to date, the machines also run DNS and there is a split DHCP pool across both machines.

    Additionally but may be related we are having a few issues with authentication against SQL Databases which I think is also an issue we have with our AD, we are getting SSPI context errors and user 'nul' errors looks like for some reason it cannot utilise the windows authentication token for windows only authentication against SQL, this may be a red herring and I only mention it as it may be relevant.

    There is nothing in the event logs on the DCs to point at why this is happening.

    Cheers

    GD

  • #2
    Re: Restarting a DC corrupts/resets Administrator Password

    Not sure about that one, others might find it useful though to know which server(s) are Global Catalogs and which servers hold which FSMO roles.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Restarting a DC corrupts/resets Administrator Password

      Originally posted by gforceindustries View Post
      Not sure about that one, others might find it useful though to know which server(s) are Global Catalogs and which servers hold which FSMO roles.
      I believe that Server 2 holds all the FSMO roles and I've no idea which servers are Global Catalogs as it doesn't show up in Sites and Services on the NTDS Settings.

      A diag on the DCs output this

      Starting test: KnowsOfRoleHolders
      Role Schema Owner = CN=NTDS Settings,CN=SERVER-2
      Role Domain Owner = CN=NTDS Settings,CN=SERVER-2
      Role PDC Owner = CN=NTDS Settings,CN=SERVER-2
      Role Rid Owner = CN=NTDS Settings,CN=SERVER-2
      Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER-2
      ......................... BES-SERVER-2 passed test KnowsOfRoleHolders

      Hope this is helpful

      GD

      Comment


      • #4
        Re: Restarting a DC corrupts/resets Administrator Password

        I find it very hard to believe that the password would change due to a reboot of a domain controller. The only vaiable and logical explination i can think of, is a start-up script that changes the admin password.
        [Powershell]
        Start-DayDream
        Set-Location Malibu Beach
        Get-Drink
        Lay-Back
        Start-Sleep
        ....
        Wake-Up!
        Resume-Service
        Write-Warning
        [/Powershell]

        BLOG: Therealshrimp.blogspot.com

        Comment


        • #5
          Re: Restarting a DC corrupts/resets Administrator Password

          What do the properties of the admin account show for password last changed?
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment


          • #6
            Re: Restarting a DC corrupts/resets Administrator Password

            Originally posted by Killerbe View Post
            I find it very hard to believe that the password would change due to a reboot of a domain controller. The only vaiable and logical explination i can think of, is a start-up script that changes the admin password.
            NAIL ON HEAD; funny you should say that, we have a startup script that changes the LOCAL administrator password this is set at the route of the domain in a GPO and it appears to be acting on the DCs.

            Easy fix, thanks

            Comment


            • #7
              Re: Restarting a DC corrupts/resets Administrator Password

              Whoops

              Hope the script isn't plaintext... or at least the new password...
              Gareth Howells

              BSc (Hons), MBCS, MCP, MCDST, ICCE

              Any advice is given in good faith and without warranty.

              Please give reputation points if somebody has helped you.

              "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

              "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

              Comment


              • #8
                Re: Restarting a DC corrupts/resets Administrator Password

                Originally posted by gforceindustries View Post
                Whoops

                Hope the script isn't plaintext... or at least the new password...
                Nope it calls a variable stored in the GPO

                Comment


                • #9
                  Re: Restarting a DC corrupts/resets Administrator Password

                  Good good. Thanks for letting us know what the problem was.
                  Gareth Howells

                  BSc (Hons), MBCS, MCP, MCDST, ICCE

                  Any advice is given in good faith and without warranty.

                  Please give reputation points if somebody has helped you.

                  "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                  "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                  Comment

                  Working...
                  X