Trust lost and local admin disabled
My development laptop has lost the trust relationship to the domain and the local administrator is disabled.
1. I can login with the domain admin account, but it doesn't think it's an admin so I can't apply the trust patch
2. I've tried following the instructions in
http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/a200d87f-2f1e-4cec-88dd-9414bc61463a, but the machine spontaneously reboots when it gets to the safe mode login prompt; is this because it still thinks it's a memeber of the domain?
All seems a bit chicken/egg - lost trust relationship means no admin, and I can't install the patch to fix it 'cos there's no admin, also "Run as administrator" grants no privileges as there are no active admin accounts.
Any suggestions?
Paul
February 12th, 2011 12:02pm
You will need to fix the account on the server
My MVP is for Windows XP, Vista and Windows 7 IT, and I am getting increasingly good with Visual Studio.
Developer |
Windows IT | Chess |
Economics | Hardcore Games |
Vegan Advocate | PC Reviews
Free Windows Admin Tool Kit Click here and download it now
February 12th, 2011 3:28pm
What do you mean by "fix" - as far as I can tell I have two choices...
Remove the Computer record from the domain, but the computer itself will think it's still in the domain
Apply the patch mentioned by KB976494, but this requires admin access to the machine which is the problem I have
Paul
February 12th, 2011 6:29pm
Hi Paul,
If you have a Windows 7 installation DVD (not a recovery DVD) you can boot the system with it to enable the built-in Administrator
account. Select the default language, then choose "Repair your computer". Then select "Command Prompt". At the command prompt type:
net user administrator /active:yes [enter]
Remove the DVD, reboot the computer, and log into the built-in Administrator account.
After that, you may download the
Remote Server Administration Tools for Windows 7:
1.
Install RSAT;
2.
Go to
Control Panel -> Programs and Features -> Turn Windows features on or off;
3.
In the treeview, go to
Remote Server Administration Tools -> Role Administration Tools -> AD DS and AD LDS Tools and select
AD DS Tools.
Please use NETDOM for joining computers to the domain.
More information:
Netdom
Netdom Examples
Regards,
Sabrina
TechNet Subscriber Support
in forum.
If you have any feedback on our support, please contact
tngfb@microsoft.comThis posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question.
This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
February 14th, 2011 3:30am
Hi Paul,
How are you? I would appreciate it if you could drop me a note to let me know the status of the issue. If you have any questions or
concerns, please feel free to let me know. I am happy to be of further assistance. :)
Regards,
Sabrina
TechNet Subscriber Support
in forum.
If you have any feedback on our support, please contact
tngfb@microsoft.comThis posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question.
This can be beneficial to other community members reading the thread.
February 17th, 2011 12:32am
Thanks that solved it - another trick I picked up a long the way was that if the machine was entirely disconnected from the network (physical and wireless), then my cached credentials still worked, so I could activate the administrator account that way
as well.Paul
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2011 5:04am
Hi Paul,
I am glad to hear that our issue was resolved.
After sharing your experience you can help other community members facing similar problems.
Thanks, and have a great day! : )
Best Regards,
Sabrina
TechNet Subscriber Support
in forum.
If you have any feedback on our support, please contact
tngfb@microsoft.com
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question.
This can be beneficial to other community members reading the thread.
February 21st, 2011 9:41pm
I'm facing the same problem as Paul, in that, the trust relation is lost, and the local administrator is disabled, plus that the only domain user that can login is not a local administrator.
I booted from the Windows 7 DVD, and into the command prompt, and ran the "net user administrator /active:yes", it says after that the command ran successfully, I reboot after, but when I try to login as the local administrator, it comes back with the
same message that the account is disabled.
Is there any reason for the command not to run successfully even though it reports that it did? Does it relate to any services not running while booting from the Windows DVD?
Maybe I'm missing a step!
Any help would be appreciated.
Thank you in advance...
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2011 4:01am
I had the same problem. Try unplugging the network cable and logging in with your (cached) administrator domain credentials. If you get in, use the net user administrator /active:yes command to activate the loacal admin account. Make sure you
know the local administrator password! Plug in the network cord and then remove the computer from the domain. You should be able to log into the computer on rebooting and then rejoin the domain.
April 14th, 2011 9:49pm