Deleted Machine Account Unrecoverable.

Windows 2000 Server
Hello Everyone,

I have a Windows 2000 server primary domain controller with a deleted machine account. I have tried the commands listed in the Microsoft knowledge base in order to recover the account, but all have failed. On a normal boot, the server does not start Netlogon and hangs on the state of "stopping". This does not allow me to access my backup services to use the tapes in order to restore the system state before the account was deleted.

I have tried resetting the secure channel using netdom commands, and have checked Netlogon registry values, but all seems fine and the netdom commands failed. Since Netlogon won't start, it won't create an LDAP connection. So the command dcdiag /s:localhost /repairmachineaccount will not complete successfully and returns:

[localhost] LDAP connection failed with error 58, The specified server cannot perform the requested operation. ***Error: The machine, localhost could not be contacted, because of a bad net response. Check to make sure that this machine is a Domain Controller.

Which is interesting, since the server "USERSERV" network identification says it is still part of the domain as a domain controller. With the LDAP connection failed I can't force and complete file replication successfully with the other servers. The PDC still carries the FSMO roles but can't use them.

I can presently log into Directory Services Restore Mode using the domain password, since the machine account has been deleted. I tried using the commands:

ntdsutil: authoritative restore
authoritative restore: restore subtree "cn=userserv,ou=Domain Controllers,,dc=au"

But it has returned the error: Could not find object with the given DN: failed on component ?

I am beginning to think I have to reinstall Windows 2000 Server in order for it to restore the machine account password. The server still won't talk to the secondary DNS server since it cannot run its own, giving Event ID 5781 Netlogon errors that state:

"Dynamic Registration or deregistration of one or more DNS records failed because no DNS servers are available."

Should I admit defeat and reinstall the Windows 2000 server and reconfigure, or is there something else I could do to save myself a large amount of time? The commands I have used from the Microsoft knowledge base are the following: ;en-us;248132&sd=tech

Any help would be much appreciated.

Thanks,
OZTECHMATE

Answer Wiki


You hadn't mentioned it specifically, but it sounds like you might have another domain controller in the AD. If this is true, you can do the following without having to completely reinstall:

1) Seize all of the FSMO roles on the other domain controller

2) run DCPROMO /FORCEDEMOTION on the ailing domain controller

3) Remove any orphaned objects in the AD on the good DC.

4) Reboot the ailing DC

5) Use DCPROMO to build the AD back up on the machine.

6) Move the FSMO roles to the new domain if you like

Of course, if my initial assumption is wrong and you do not have another DC – then you will have to rebuild the DC and restore from tape.
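The seize / force-demote / metadata-cleanup sequence from the answer above, written out as the commands you would actually type. This is an added example, not part of the original thread or Microsoft's documentation: GOODDC is an assumed name for the surviving healthy DC, USERSERV is the ailing DC from the question, and the "select domain 0" / "select site 0" / "select server 0" indices are placeholders that depend on what ntdsutil lists in your forest. Note that the switch the Active Directory Installation Wizard actually accepts for a forced demotion is /forceremoval, not /FORCEDEMOTION.

```cmd
@echo off
REM Added example (not from the original post). Assumed names:
REM   GOODDC   - surviving, healthy domain controller (hypothetical)
REM   USERSERV - the ailing DC named in the question
REM Run steps 1 and 3 on GOODDC and step 2 on USERSERV, as a Domain Admin
REM with the Windows 2000 Support Tools installed (netdom, dcdiag, repadmin).

REM --- Step 1 (on GOODDC): seize all five FSMO roles.
REM ntdsutil runs its menu commands in order when they are passed as quoted
REM arguments. "seize" first attempts a graceful transfer and only seizes
REM when the current holder (USERSERV) cannot be contacted, which is the
REM case here because Netlogon/LDAP on USERSERV is down.
ntdsutil "roles" "connections" "connect to server GOODDC" "quit" ^
  "seize schema master" "seize domain naming master" "seize RID master" ^
  "seize PDC" "seize infrastructure master" "quit" "quit"

REM --- Step 2 (on USERSERV): forced demotion. /forceremoval skips the
REM replication and FSMO checks that a normal dcpromo would fail on and
REM leaves USERSERV's NTDS settings object behind in the directory, which
REM is why step 3 is required. The box comes back as a standalone server;
REM its deleted computer account has to be recreated when it is promoted.
dcpromo /forceremoval

REM --- Step 3 (on GOODDC): remove USERSERV's NTDS settings object.
REM The list/select indices vary per forest: run this interactively once,
REM confirm that "select server N" names USERSERV, and only then issue
REM "remove selected server". Removing the wrong server is not undoable.
ntdsutil "metadata cleanup" "connections" "connect to server GOODDC" "quit" ^
  "select operation target" "list domains" "select domain 0" ^
  "list sites" "select site 0" "list servers in site" "select server 0" "quit" ^
  "remove selected server" "quit" "quit"

REM --- Step 4 (on GOODDC): verify before re-promoting USERSERV.
REM All five roles must report GOODDC, and GOODDC must no longer list
REM USERSERV as a replication partner.
netdom query fsmo
repadmin /showreps GOODDC
dcdiag /s:GOODDC /test:knowsofroleholders
```

Two things this sequence relies on that the six-step answer leaves implicit: after the roles are seized, USERSERV must never be brought back online with its old NTDS database (only after the forced demotion and a clean dcpromo), because a DC reappearing with seized roles and a stale RID pool will fight the live forest; and metadata cleanup does not touch DNS, so the SRV and host records USERSERV registered need to be deleted by hand on the DNS server before the rebuilt DC re-registers, otherwise clients keep being referred to a DC that does not exist.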
