I'd give that a 50/50 chance of working at best. Keep in mind that the restored computer account could have a different secure channel password, at which point it won't work. It would also have to be done as an authoritative restore.
Frankly, I'm of the opinion that I'd rather mess with one computer account rather than one AD domain in order to fix the issue. I'm also of the opinion that if this was operator error, my good friends Guido and Vinnie[1] need to visit said admin and give a crash course in change control procedures and change process management. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA [1] They're consultants. I'll leave it at that. > -----Original Message----- > From: Linton Smith (WBTQ) [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 31, 2002 12:27 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] recovering a computer > > > Hi Rick, > > I'm a bit confused by this. When a member server is added to > a domain, Domain Admins is added to the local Administrators > group. Assuming all is well, a Domain Admin can remotely > change the local administrator password. > > Now, if Don were able to restore the computer account, > thereby putting the member server back into the domain, could > he not do this? I'm not saying that this is the ideal > solution, as there would likely be a number of ugly > ramifications, but would this not work? > > Don, have you tried logging onto the console of the system > with a Domain Admin account that has been used on the system > in the past. Cached credentials should allow you to log on > locally using the domain account. I'd pull the network cable > from the box first before attempting this. > > Linton > > > -----Original Message----- > From: Rick Kingslan [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 30, 2002 10:42 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] recovering a computer > > > > Don, > > Restoring the computer object in AD will have no effect > on the administrator password on the computer itself. You > will have to revert to a password recovery tool like ERD > Commander from Winternals. > > Thanks for helping me to understand the complete > picture. I was sure I wasn't seeing it all, and you > explained it perfectly. > > Sorry for the less than optimal solution, however. All > is not lost - just a tad bit more expensive from the > standpoint of the solution. But, ERD is a great tool to > have, nonetheless. > > Regards, > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Murawski (Lenox) Sent: Monday, December 30, 2002 9:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] recovering a computer The computer was deleted from the an OU. Now the local administrator password was and is lost. My question is? Can I do a restore of that OU to recover the computer account. The server is a remote location. So, restoring the administrator password will be tough. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
