We have used the Winternals Linux-based pwd recovery disks with much success. Another alternative, but one of last resort IMHO, is to boot to either a *nix cd or diskette with NTFS support (there are numerous *nix distros out there that can be burned to cd and booted to for forensics and other disaster scenarios) or DOS and run some tool, such as NTFS-DOS Pro, which will allow you to mount the file system and simply delete the SAM file. Reboot, and a new SAM is created automatically with a blank admin pwd. Login as admin with blank pwd and start recreating any local accts and resetting the perms. Again, this is a last-ditch effort to get it back up and running, and I have never had to use this on Exchange and do not know the possible gotchas here. Hope this helps!
-----Original Message----- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 31, 2002 7:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] recovering a computer Now that I know that this is an Exchange box - I even more emphasize the value of doing it the easy and safe way. ERD Commander form www.winternals.com is the best way to accomplish what you need, Don. Good Luck! Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Purviance, Chad > Sent: Tuesday, December 31, 2002 7:49 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] recovering a computer > > > Personally since this is an Exchange server, I would spend > the $400 and get the ERD commander CD. This is much more the > PW recovery, it is a full XP OS off of a CD. Very Very useful. > > A cheaper solution would be the www.lostpasswords.com > recovery for $200 but it is PW only and takes a bit more setup. > > This is an Exchange server!! > Buy ERD > Run ERD and reset Password > Login locally and join to domain > Reboot. > > Any other method with Exchange and I promise you ... you will > remember fondly the moment when you could have just reset the > password. :-) > > > > Chad Purviance > Prinicipal Consultant > Broadwing IT Consulting > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 31, 2002 6:57 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] recovering a computer > > Seems like ERD Commander is the better choice in this case. > There's also a free Linux bootdisk out on the net that can do > the same thing. > > In either case, you're really talking about telling someone > to boot off a floppy, and walk through a few quick steps and > you can change the admin password without much effort. > > Of course, this also goes to show why physical security is so > important - if people can physically get to your servers, you > can't stop them. > > Roger > ------------------------------------------------------ > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message----- > > From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] > > Sent: Monday, December 30, 2002 10:31 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] recovering a computer > > > > > > The computer was deleted from the an OU. > > Now the local administrator password was and is lost. > > My question is? Can I do a restore of that OU to recover > > the computer account. > > The server is a remote location. > > So, restoring the administrator password will be tough. > > > > -----Original Message----- > > From: Rick Kingslan [mailto:[EMAIL PROTECTED]] > > Sent: Monday, December 30, 2002 10:24 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] recovering a computer > > > > > > Ahhh..OK - different issue. If the administrator > > password was lost on a system, recovering the computer object > > is not going to help. Using a tool like ERD from Winternals > > at www.winternals.com would be a reasonable solution. > > > > Or, are we talking about the administrator password in > > AD? If so, pwdump and L0phtCrack has been used successfully > > in this case - given the right conditions. > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > Associate Expert > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]] On Behalf Of Don > > Murawski (Lenox) > > Sent: Monday, December 30, 2002 8:50 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] recovering a computer > > > > > > the administrator password was lost > > > > -----Original Message----- > > From: Rick Kingslan [mailto:[EMAIL PROTECTED]] > > Sent: Monday, December 30, 2002 9:46 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] recovering a computer > > > > > > Hmmmm. I've usually found it much > > easier to join the computer to a workgroup (pick the name... > > doesn't matter) then, reboot as directed. Join the computer > > back to the domain, reboot again, as directed. Move the > > computer object from the Computer Container to the appropriate OU. > > > > It's not worth the time, IMHO, to > > recover a single computer object. Now, if this was computer > > of great importance that it is no longer in AD and cannot be > > simply recreated and password synched via the method outlined > > above - give us the scenario. The collective knowledge > > should be able to help. > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > Associate Expert > > Expert Zone - > > www.microsoft.com/windowsxp/expertzone > > > > > > > > > > > > > > -----Original Message----- > > From: > > [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]] On > Behalf Of Don > > Murawski (Lenox) > > Sent: Monday, December 30, 2002 7:43 PM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] recovering > > a computer > > > > > > Does anyone know how to recover > > a deleted computer account in AD? > > > > > > Don L Murawski > > Sr. Network Administrator - > > MCSE 4.0, 2000 > > WorldTravel BTI > > 1055 Lenox Park Blvd > > Suite 420 > > Atlanta, GA 30319 > > Phone: (404) 923-9468 > > Fax: (404) 949-6710 > > Cell: (678) 549-1264 > > > > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > +++The information transmitted is > intended only for the person or entity to which it is > addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other > use of, or taking of any action in reliance upon, this > information by persons or > entities other than the intended recipient is prohibited. > If you received > this in error, please contact the sender and destroy any > copies of this document.+++ The information transmitted is > intended only for the person or entity to which it is > addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other > use of, or taking of any action in reliance upon, this > information by persons or entities other than the intended > recipient is prohibited. If you received this in error, > please contact the sender and destroy any copies of this document. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
