I'm kinda stumped about how this happened. As you guessed, I removed the AD DS role (involved demoting the Server from Domain Controller), but now when I log into the Administrator account, it doesn't log me into my actual Administrator account.

It seems to have created a new Administrator account with the User folder Administrator.[server name]. However, my actual Administrator account with all my files and stuff is still in the Users folder, just under the name Administrator, but I'm not really able to access it.

My issue is a lot like this one, but the thing here is that my situation is kinda the opposite, where his account files are under the new Administrator.[server name] account, and in the Spiceworks answer I wasn't able to locate any SID.bak subkey in any of the Users.

I did delete the folder as suggested in the Spiceworks answer, but now it just signs me in with a temporary profile, without creating another Administrator.[server name] User folder.

One thing I guess I should note is that the login screen is still on the "Other User" login screen, which from what I can infer is still a remnant from when I had AD DS installed, but didn't revert for some reason.

So, how do I get to log back into my account as normal?

1 Answer

When you created your domain, you carefully made note of your Active Directory Services Recovery Mode ("DSRM") password and stored it in your password manager. This is the time to use it: When you demote an AD controller, it basically reverts to using its old local password for its local Administrator account instead of relying on the AD Administrator account.

(You can "fake" this situation by starting a domain controller in Active Directory Recovery Mode via the F8 key on startup).

The local administrator account does not share its SID with the domain admin account, and therefore has a different home directory. Everything is as expected, in other words.

To log on as the AD administrator, re-connect the machine to your AD, but as a regular member server. (I don't remember if demoting an AD controller removes it from the AD too, but my gut feeling is that it probably does).

Mikael H
  • FYI: Demoting a Domain Controller does not remove it from the domain unless it is the last Domain Controller in the domain. If it isn't the last Domain Controller in the domain then it becomes a member server in the domain. – joeqwerty Mar 13 '20 at 11:35
  • I guess I was somewhat unclear but I was trying to log onto the local Administrator which has all my settings and shortcuts and stuff, not the AD administrator – pizzaboxer Mar 13 '20 at 17:24
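
To see which SID each profile folder is bound to (the answer's point that the two Administrator accounts have different SIDs, and the `SID.bak` subkey the question looked for), the following read-only PowerShell listing is an added example, not part of the original posts. It assumes the standard Windows `ProfileList` registry key, which the page does not name, and an elevated prompt on the affected server.

```powershell
# Added example (read-only): map every registered profile to its SID,
# the account that SID resolves to, and the folder it points at.
# Assumption: standard ProfileList location; the page itself does not name it.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

Get-ChildItem -Path $profileList | ForEach-Object {
    $keyName = $_.PSChildName                      # SID, possibly with a ".bak" suffix
    $sidText = $keyName -replace '\.bak$', ''
    $path    = $_.GetValue('ProfileImagePath')     # expanded, e.g. C:\Users\Administrator

    # Resolve the SID to an account name. This fails for accounts that no
    # longer exist or for domain SIDs when no domain controller is reachable.
    try {
        $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidText)
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    [pscustomobject]@{
        Sid          = $sidText
        Account      = $account
        ProfilePath  = $path
        IsBackupKey  = $keyName -like '*.bak'
        FolderExists = [bool]($path -and (Test-Path -LiteralPath $path))
        # RID 500 is the built-in Administrator, local or domain; the part of
        # the SID before the RID tells the two apart.
        IsRid500     = $sidText -match '^S-1-5-21-.+-500$'
    }
} | Sort-Object ProfilePath | Format-Table -AutoSize
```

Two rows with `IsRid500` set but different SID prefixes are the local and the domain Administrator; the `ProfilePath` column shows which folder each one loads, and a row whose folder no longer exists is consistent with the temporary-profile logon described in the question.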