Announcement

Collapse
No announcement yet.

Changed PW - Worked yesterday, not today

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Changed PW - Worked yesterday, not today

    Hi all,

    I am new to a position in charge of an AD domain at a school. Previously, they had an outside contractor who, at the moment, I cannot get in touch with. I'm hoping he'll call today.

    Anyway, the administrators of the school had a top priority of me taking over access to the domain and transitioning fully from this other guy. Well, it's a pretty simple domain with a single DC and that's about it.

    Yesterday, I took the info the contractor gave me as a login and logged in no sweat. I then changed the PW for that very account. I logged off and back on with the new PW and all was fine. I even went to a client machine on the LAN and logged in there as well.

    Now this morning, I cannot login as that user (lfdcsadmin) on the server or any other computer. I don't know if the contractor had a backdoor and changed something after I did or what, but it no longer works and until I get in touch with him (assuming he even calls, and then assuming he DID actually change something), I'm locked out of my own domain as an admin.

    This admin user (lfdcsadmin) is a member of Domain Admins and Enterprise Admins. Is there any other way I can get into this server?

    HELP PLEASE!

    Thanks!

    Chris

  • #2
    Re: Changed PW - Worked yesterday, not today

    Hi Chris, that does sound a bit suspicious to me!!
    However I'd suggest you don't do anything before you have spoken to this guy (If he makes himself contactable that is). I'm pretty sure he'd have another Admin account details as a plan B.
    If you don't get anywhere with him then you can use the resources provided here :http://www.petri.com/reset_domain_ad...er_2003_ad.htm

    Cheers
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Changed PW - Worked yesterday, not today

      It may just be locked out because a service was usign it as the credentials to start or operate with.
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?

      Comment


      • #4
        Re: Changed PW - Worked yesterday, not today

        L4ndy,

        Yes, suspicious indeed. He has emailed me and I await a phone call. Hopefully he'll have something intelligent to tell me.

        AndyJG247,

        I don't think the account is locked out because that is not the error message I get when trying to login.

        Thanks, guys.

        Chris

        Comment


        • #5
          Re: Changed PW - Worked yesterday, not today

          What is the message you get?
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment


          • #6
            Re: Changed PW - Worked yesterday, not today

            "The system could not log you on. Make sure your username and password is correct, blah, blah, blah..."

            That one.

            OK guys... Fortunately, when I created my own personal user yesterday (after initially loggin in as admin and changing that PW), I also added my personal user to domain admins, enterprise admins, and local admins. So I was able to login as me and change everything again.

            We'll see how long this lasts, but ATM, all is well.

            Thanks!

            Chris

            [edit] Oh, I distinctly recall yesterday that I DISABLED the contractors AD account. Today, it's flat out gone. Deleted... If this guy did leave a backdoor and is messing with me, I might have to smack him.[/edit]
            Last edited by WorldBuilder; 30th July 2008, 15:50. Reason: Added more info

            Comment


            • #7
              Re: Changed PW - Worked yesterday, not today

              Check the event logs and see if anything gives you an answer there.

              How is your network connected to the Internet? If you have a firewall that you can see the access list for, you may well spot the back door.

              Comment


              • #8
                Re: Changed PW - Worked yesterday, not today

                Originally posted by WorldBuilder View Post
                [edit] Oh, I distinctly recall yesterday that I DISABLED the contractors AD account[/edit]
                No chance you renamed it maybe?
                cheers
                Andy

                Please read this before you post:


                Quis custodiet ipsos custodes?

                Comment


                • #9
                  Re: Changed PW - Worked yesterday, not today

                  Originally posted by WorldBuilder View Post
                  "The system could not log you on. Make sure your username and password is correct, blah, blah, blah..."

                  That one.

                  OK guys... Fortunately, when I created my own personal user yesterday (after initially loggin in as admin and changing that PW), I also added my personal user to domain admins, enterprise admins, and local admins. So I was able to login as me and change everything again.

                  We'll see how long this lasts, but ATM, all is well.

                  Thanks!

                  Chris

                  [edit] Oh, I distinctly recall yesterday that I DISABLED the contractors AD account. Today, it's flat out gone. Deleted... If this guy did leave a backdoor and is messing with me, I might have to smack him.[/edit]
                  If was you id enable auditing on your DC so you can at least track what is going on. Sounds to me like the previous admin still has access.

                  Comment


                  • #10
                    Re: Changed PW - Worked yesterday, not today

                    Originally posted by AndyJG247 View Post
                    No chance you renamed it maybe?
                    LOL, positive.

                    Comment


                    • #11
                      Re: Changed PW - Worked yesterday, not today

                      Originally posted by scurlaruntings View Post
                      If was you id enable auditing on your DC so you can at least track what is going on. Sounds to me like the previous admin still has access.
                      I did not enable auditing, and truth be told, that is somewhat unknown to me. But it MIGHT be enabled? Could you tell me how to check and also, what I'm looking for? Thanks!

                      Chris

                      Comment

                      Working...
                      X