I have a Windows 2000 server primary domain controller with a deleted machine account. I have tried the commands listed in the Microsoft Knowledge Base in order to recover the account, but all have failed.
On a normal boot, the server does not start netlogon and hangs on the state of "stopping". This does not allow me to access my backup services to use the tapes in order to restore the system state before the account was deleted.
I have tried resetting the secure channel using netdom commands, and have checked netlogon registry values, but all seems fine and the netdom commands failed.
Since Netlogon won't start, it won't create an LDAP connection. So the command dcdiag /s:localhost /repairmachineaccount will not complete successfully and returns:
[localhost] LDAP connection failed with error 58, The specified server cannot perform the requested operation..
***Error: The machine, localhost could not be contacted, because of a bad net response. Check to make sure that this machine is a Domain Controller.
Which is interesting since the server "USERSERV" network identification says it is still part of the domain as a domain controller.
With LDAP connection failed I can't force and complete file replication successfully with the other servers.
The PDC still carries the FSMO roles but can't use them.
I can presently log into the directory restore mode using the domain password, since the machine account has been deleted.
I tried using the commands:
ntdsutil: authoritative restore
authoritative restore: restore subtree "cn=userserv,ou=Domain Controllers, dc=my.domain.name,dc=au"
But it has returned the error:
Could not find object with the given DN: failed on component "dc=my.domain.name".
I am beginning to think I have to reinstall Windows 2000 Server in order for it to restore the machine account password.
The server still won't talk to the secondary DNS Server since it cannot run its own, giving the error:
Event ID 5781 Netlogon errors that state: "Dynamic Registration or deregistration of one or more DNS records failed because no DNS servers are available."
Should I admit defeat and reinstall the Windows 2000 server and reconfigure, or is there something else I could do to save myself a large amount of time?
The commands I have used from the Microsoft Knowledge Base are the following:
Any help would be much appreciated.
November 23, 2004 5:26 PM
March 5, 2008 8:33 PM