Trust failed with domain local admin account disabled
Help - I can't get into a users machine as the workstation's trust with the domain has failed and the local admin account is disabled so I can't rejoin it!
Thanks
May 6th, 2010 1:07pm
Did you check the SPN (Service Principal Name) value?
Add your Domain SPN to the SPN list.
Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2010 7:33am
You may remove the object from AD. Then boot in Safe Mode and you will be able to logon with the build-in Administrator account. Create another administrative account or enable the build-in Administrator. After reboot you will be logon with an administrative
account and re-join the domain.Arthur Xie - MSFT
May 11th, 2010 11:39am
Help - I can't get into a users machine as the workstation's trust with the domain has failed and the local admin account is disabled so I can't rejoin it!
Thanks
If there are no other local admin accounts on your machine, the only way to enable the default local admin is by editing the SAM registry hive. This can be done with this program:
http://www.elcomsoft.com/esr.html
Free Windows Admin Tool Kit Click here and download it now
May 16th, 2010 10:55am
You may remove the object from AD. Then boot in Safe Mode and you will be able to logon with the build-in Administrator account. Create another administrative account or enable the build-in Administrator. After reboot you will be logon with an administrative
account and re-join the domain.
Arthur Xie - MSFT
This will not work because even if he removes the object from AD, the computer itself will still be joined to the domain and the only way to be able to logon as the default local admin in safe mode is if the computer is disjoined from the domain.
May 16th, 2010 10:59am