HELP: Active Directory Problem

By berry.lee
I would appreciate it if someone could contribute advice here. Very much grateful.

Here is my question:
A few days ago, I booted up the old PDC server, which had been shut down a few months ago.
One day later, I encountered a problem: I am not able to resolve the name of my Windows 2003 BDC server, and it returns the error "Logon Failure:The target account name is incorrect". It works fine when using the IP address.
So I tried shutting it down to avoid the error, but that didn't resolve my problem.

I tried to ping it from cmd.exe, and it can be pinged successfully.
I found that DNS is working fine when I troubleshoot using nslookup.
Then I tried NET VIEW with the server name and the server IP address. It returned the following results:
C:\Documents and Settings\berry>net view \\bdc
System error 5 has occurred.

Access is denied.

C:\Documents and Settings\berry>net view \\
Shared resources at \\


Share name Type Used as Comment

Config Backup
faxclient Disk Microsoft Shared Fax Clients
hpLaserJ Print Printer on BDC
NETLOGON Disk Logon server share
SYSVOL Disk Logon server share
Techincal Documents
Test Results Disk
The command completed successfully.


All Answers


OK I'm more than slightly confused by your question

by HAL 9000 Moderator In reply to HELP: Active Directory Pr ...

From what I read you booted up your Primary Domain Controller which runs AD and it's not been running for months and allowed it to connect to your Backup Domain Controller and then for some reason after the connection was established it failed. Is that what you are saying?

From the way that I read this the PDC has been decommissioned and replaced by what you are calling the BDC which if it's been running for a few months must have been promoted to the PDC.

By your description the old unit logged on established a connection copied over the AD and then promptly failed to maintain a connection with the Backup Domain Controller.

Or did you connect this some other way? I'm not really sure what's actually going on here from a hardware point of view and I certainly do not understand why the Primary Domain Controller would be taken off line for so long deliberately.

Or is it just that you mean something other than Primary Domain Controller when you say PDC and something different to Backup Domain Controller when you say BDC?



Sorry for the confusion...

by berry.lee In reply to OK I'm more than slightly ...

Sorry, my English is not good and it has caused you some trouble.

PDC=Primary Domain Controller
BDC=Backup Domain Controller

Yes, you are right. I recently booted up the PDC, which had been decommissioned for a few months. When it connected to our network, I found that the BDC was not working as usual. There is not only the browser problem, but also an Active Directory problem.
The user I recently created in Active Directory cannot log in to our domain. However, the existing user accounts can still log in to the domain fine.
Another issue is that I am not able to join my PC to the domain anymore.

I'm not sure why the PDC was decommissioned from our domain, because that was done before I joined. For these couple of months, we have been using the BDC as the PDC. The reason I say so is that I found that neither was the BDC properly promoted to PDC nor was the PDC demoted to BDC. They just shut down the PDC and used the BDC to work as usual.

Hope this clears up your doubt.




OK Now I understand what's happened

by HAL 9000 Moderator In reply to Sorry for the confusing.. ...

When you returned the PDC to the System it should have saved the AD Settings to itself. I'm taking it that it did actually log in and act as the PDC if even for a short time and at the same time it would have attempted to rewrite the AD settings in it to the BDC as after all it is the Primary Domain Controller so it controls everything.

When the BDC had its AD overwritten I'm assuming that it was at that point in time that the PDC was kicked off the LAN and the BDC started acting up as it had been working for some time as the PDC even if it wasn't promoted to this role hence your trouble now as you have a corrupt AD which is preventing any new users since the original PDC has been removed for working correctly.

Finding out WHY is the easy bit it's much harder to fix from here. If you have a store of your AD settings you might like to restore these to the BDC and start over and promote it to the PDC, failing that how do you feel about rebuilding the AD?



Restart the AD, SCARY...............

by berry.lee In reply to OK Now I understand what' ...

I thought the BDC will act as the backup domain controller when the PDC is not present. When the PDC is present in the network again, the BDC will overwrite the AD back to the PDC first, and after that it will act as the Primary Domain Controller again.
Is this assumption correct?

I believe the AD on my BDC has been corrupted. But what I don't understand is why the PDC would overwrite the settings on the BDC, rather than the backup first overwriting the AD on the primary, which has been shut down for such a long time.

I'm a bit lost because I have no experience with Active Directory. What worries me is rebuilding a new Active Directory.....
Is there any alternative for me besides restoring the AD?



Actually what should happen is that the

by HAL 9000 Moderator In reply to Restart the AD, SCARY.... ...

PDC will overwrite the BDC as the PDC is the Primary Device and not a Backup so it has the Master Copy of the AD among other things.

Now what has happened here is that the PDC has been taken out of service and the BDC has been being used as a PDC and any alterations to AD will have been saved there but when you replaced the PDC it should have overwritten the existing AD to what used to be there and as we don't know why it was removed it could have been because of a Corrupt AD that was never rebuilt. I don't know it could have been something completely different and a perfectly reasonable explanation as well but then when it was reconnected the system crashed so I would be thinking of a Corrupt AD as the first option.

If you have a backup of the AD that would make things very easy to repair as all that would be required is to overwrite the existing corrupt AD with the Backup Copy and then everything should work again OK. Rebuilding it though is a completely different story as it's not something to do for the fun of it. Well by Sane People anyway.

Basically here you have to delete the entire AD add the Work Groups and then start to setup the thing to the way that you want it to work, sorry that I can't give you a better description than that as I don't know exactly what the thing is actually doing or how it's been configured things like this are what I call Nightmare Jobs. As they generally turn out to be just that a Nightmare to deal with, however on the up side they do teach you a lot so they are worth doing.

Let us know if I can be of any more help.



Stuck before restore

by berry.lee In reply to Actually what should happ ...

Now I have encountered another problem before my restore job.
I'm trying to boot into the Active Directory Restore Mode from the boot menu options, but I can't log in using the local administrator account.
The problem now is that we don't know how to reset the local administrator password on the Windows 2003 backup domain controller.

Any suggestions?



Yes I have quite a few suggestions but none are printable.

by HAL 9000 Moderator In reply to Stuck before restore

As I'm supposing that the AD is now toast and it's no longer accepting the Authorised Passwords you really only have the Brute Force approach. Blow everything away reinstall and restore from your backup.

You could try one of the many available Password Crackers but I'm guessing that these will run for a long time come up with gibberish and still not work. You could try one and just run a Google Search for a Password Cracking tool and take your pick and try that but if it runs longer than 30 minutes I would give up on the entire thing and just wipe with something like Boot & Nuke available here

Then perform a clean install and when it's working restore from your Backups. After all this has been down for some time now and it must have reached the stage where it will be cheaper to install than attempt to repair from a purely Business point Of View.



you can reset the local machine password

by CG IT In reply to HELP: Active Directory Pr ...

The program I use is Passware. It will show you the administrator's account name and will reset the administrator's local machine password.

It does NOT provide the directory services restore password [yes, that can be set differently than the administrator's account password].

I would cut my losses and do a rebuild from scratch if you don't know the directory services restore administrator's password.
