
Directory Services Restore Mode Administrative Password when using DCPROMO

  • Tuesday, November 03, 2009 8:15 PM Mac506
     
    I have a mixed mode NT/2003 AD network. 
    The primary AD2003 Box is to be replaced.
    I have built up a new Windows 2003R2SP2 box to replace the old one.
    All patched up to the latest patches.
    All configured with static IP and have joined the domain as a member server.

    I have progressed to the point of running DCPROMO.
    I am following the process of adding additional domain controllers via http://support.microsoft.com/kb/238369
    I have a question when it comes to step *16*, where it asks to set up a password for the recovery:
     "Directory Services Restore Mode Administrative Password" Admin password.

    Since this is an additional DC that will eventually replace the existing one, by transfer of roles as in KB 324801,
    should the password be a unique password, or is there an existing password that I should be using here, such as the Domain Administrator password?

    Thanks
    Adam

All Replies

  • Tuesday, November 03, 2009 8:22 PM Marcin Policht (MVP)
     Answer
    Adam,
    it's a local account password - separate from the Domain Admin password. Its choice is arbitrary - although it would likely make sense to keep it consistent across your DCs...

    hth
    Marcin
    • Marked As Answer by Mac506 Wednesday, November 04, 2009 12:53 PM
    • Unmarked As Answer by Mac506 Wednesday, November 04, 2009 1:52 PM
    • Marked As Answer by Mac506 Wednesday, November 04, 2009 2:06 PM
  • Tuesday, November 03, 2009 8:25 PM Mac506

    Thank you for the clarification, I did not want to assume.
  • Tuesday, November 03, 2009 11:30 PM JorgeSilva (MVP)
     
    Hi
    These also may help you with that
    http://eniackb.blogspot.com/2009/02/how-to-create-first-domain-controller.html
    http://eniackb.blogspot.com/2009/02/how-to-add-second-domain-controller-in.html

    I hope that the information above helps you. This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
  • Wednesday, November 04, 2009 8:11 AM Bruce-Liu (Moderator)
     Answer

    Hi,

    On every new domain controller, whether it has been upgraded from a Windows NT 4.0–based domain controller or it was made a domain controller after a clean installation of Windows Server 2003, the Active Directory Installation Wizard prompts you for an Administrator account password that is to be used for authenticating to the Security Accounts Manager (SAM) database when the computer is started in Directory Services Restore Mode.

    Starting a domain controller in Directory Services Restore Mode causes the domain controller to temporarily operate as a stand-alone server. When operating in this mode, the SAM database uses a minimal set of user and group definitions stored in the registry.

    So, this is a local account password and not related to the Domain Administrator password.

    Regards,

    Bruce

    • Marked As Answer by Mac506 Wednesday, November 04, 2009 12:53 PM
    • Unmarked As Answer by Mac506 Wednesday, November 04, 2009 1:52 PM
    • Marked As Answer by Mac506 Wednesday, November 04, 2009 2:06 PM
  • Wednesday, November 04, 2009 1:54 PM Mac506

    Just a CYA question

    On the MSKB: http://support.microsoft.com/kb/238369

    It is referring to Windows 2000 Server; are there any differences between that and Windows 2003 R2 SP2 in the steps involved?

  • Wednesday, November 04, 2009 2:05 PM Marcin Policht (MVP)
     Answer
    Yes - there are (e.g. Advanced Mode) - however, this has no impact on the question you raised - the same answer still applies...

    hth
    Marcin
    • Marked As Answer by Mac506 Wednesday, November 04, 2009 2:05 PM
  • Wednesday, November 04, 2009 3:56 PM Mac506

    The Wizard bombed, but I loaded the Windows 2003 R2
    OK, looking again at the primary DC, it is running Windows 2003 Standard SP2 (not R2).

    Would my best option be to reload the OS on the new server with the same setup, Windows 2003 SP2, rather than the R2?

    Then transition the Windows 2003 to R2 later on, closer to when the mixed mode of AD is being converted to native?