Deleted Machine Account Unrecoverable.

Tags: Servers, Windows 2000 Server
Hello Everyone,

I have a Windows 2000 server primary domain controller with a deleted machine account. I have tried the commands listed in the Microsoft knowledge base in order to recover the account, but all have failed. On a normal boot, the server does not start Netlogon and hangs in the state of "stopping". This does not allow me to access my backup services to use the tapes in order to restore the system state from before the account was deleted.

I have tried resetting the secure channel using netdom commands, and have checked the Netlogon registry values, but all seems fine and the netdom commands failed. Since Netlogon won't start, it won't create an LDAP connection. So the command

dcdiag /s:localhost /repairmachineaccount

will not complete successfully and returns:

[localhost] LDAP connection failed with error 58, The specified server cannot perform the requested operation..
***Error: The machine, localhost could not be contacted, because of a bad net response. Check to make sure that this machine is a Domain Controller.

Which is interesting, since the network identification of the server "USERSERV" says it is still part of the domain as a domain controller. With the LDAP connection failed, I can't force and complete file replication successfully with the other servers. The PDC still carries the FSMO roles but can't use them.

I can presently log into the directory restore mode using the domain password, since the machine account has been deleted. I tried using the commands:

ntdsutil: authoritative restore
authoritative restore: restore subtree "cn=userserv,ou=Domain Controllers, dc=my.domain.name,dc=au"

But it has returned the error:

Could not find object with the given DN: failed on component "dc=my.domain.name".

I am beginning to think I have to reinstall Windows 2000 Server in order for it to restore the machine account password. The server still won't talk to the secondary DNS server since it cannot run its own, giving the error: Event ID 5781 Netlogon errors that state:

"Dynamic Registration or deregistration of one or more DNS records failed because no DNS servers are available."

Should I admit defeat and reinstall the Windows 2000 server and reconfigure, or is there something else I could do to save myself a large amount of time?

The commands I have used from the Microsoft knowledge base are the following:

http://support.microsoft.com/?kbid=257288
http://support.microsoft.com/default.aspx?scid=kb;en-us;248132&sd=tech

Any help would be much appreciated.

Thanks,
OZTECHMATE
ASKED: November 23, 2004  5:26 PM
UPDATED: March 5, 2008  8:33 PM

Answer Wiki


You hadn’t mentioned it specifically, but it sounds like you might have another domain controller in the AD. If this is true, you can do the following without having to completely reinstall:

1) Seize all of the FSMO roles on the other domain controller

2) run DCPROMO /FORCEDEMOTION on the ailing domain controller

3) Remove any orphaned objects in the AD on the good DC.

4) Reboot the ailing DC

5) Use DCPROMO to build the AD back up on the machine.

6) Move the FSMO roles to the new domain if you like

Of course, if my initial assumption is wrong and you do not have another DC – then you will have to rebuild the DC and restore from tape.
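
Steps 1 and 3 of the answer above, sketched as an added example that is not part of the original answer, using ntdsutil and netdom on the healthy domain controller. GOODDC and example.local are placeholder names for that DC and the AD domain.

```batch
@echo off
REM Added example: run on the healthy domain controller, not the ailing one.
REM GOODDC and example.local are placeholders for your own DC and domain names.
set GOOD_DC=GOODDC
set AD_DOMAIN=example.local

REM Step 1: seize all five FSMO roles onto the healthy DC.
REM ntdsutil runs each argument as if it were typed at its prompt. The two
REM trailing "quit" arguments leave the roles menu and then ntdsutil itself.
ntdsutil roles connections "connect to server %GOOD_DC%" quit ^
  "seize schema master" ^
  "seize domain naming master" ^
  "seize RID master" ^
  "seize PDC" ^
  "seize infrastructure master" ^
  quit quit

REM Check: every role should now list the healthy DC as its owner.
netdom query /domain:%AD_DOMAIN% fsmo

REM Step 3: once the ailing DC has been demoted, remove its orphaned
REM server object. This call lists the domains and sites and then stays at
REM the "select operation target:" prompt, because the target numbers must
REM be read from the list output rather than assumed.
ntdsutil "metadata cleanup" connections "connect to server %GOOD_DC%" quit ^
  "select operation target" "list domains" "list sites"

REM At that prompt, type the following with the numbers printed above:
REM   select domain <n>
REM   select site <n>
REM   list servers in site
REM   select server <n>        (the entry for the ailing DC)
REM   quit
REM   remove selected server
REM   quit
REM   quit
```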
