locked out of server – help


    Ok, I had a domain controller at our office doing file/print for about 10 staff.

    This has now died and I have started fresh with a new domain.

    2 days before my original domain controller died I added a number of web servers to the domain which are hosted off site (VPN’d).

    The day my domain controller died a number of the laptops in the office couldn’t log onto the domain and would get a “the local policy of this system does not allow you to logon interactively”

    I wasn’t sure what was happening at the time so I just got staff to log on locally. Anyway, the DC died that night and I’ve rebuilt a new one.

    I know I was fiddling with GPO, as staff said they couldn’t log on away from the office, so I was looking for something like “allow clients to connect for 8 days without DC present” or similar! But yeah, anything’s possible and I could have set some sort of restriction.

    Anyway, I didn’t think much of it at the time as the AD database shat itself and couldn’t be restored, so I started rebuilding.

    Now all the desktops/laptops are back on – file/print services are restored. Sweet… I thought. So I went to log on to my servers, to remove them from the old domain and add them to the new. I have 2 Windows 2000 web servers. I can log on to one using its local admin account, but the second one gives me a “the local policy of this system does not allow you to logon interactively”

    I tried to log on as the domain admin of the previous domain but then it says “the domain is not available”

    I found a tool: http://www.jsifaq.com/subo/tip7200/rh7259.htm
    “Joe wrote this application “for a guy in UseNet who got locked out of a workstation after messing with local policy. It will set the SeInteractiveLogonRight and clear the SeDenyInteractiveLogonRight privileges for whatever ID is specified on whatever machine it is specified on and the Everyone well known group.””

    But I run this tool and it says:
    GetAccountSid error!
    No mapping between account names and security IDs was done.

    So how do I get back in? Any ideas? I can’t log on locally – and I can’t log on with the previous domain admin account :(
