Recover Access to Windows Domain Controller


Task 2 – Recover Access To Domain Controller

Currently tested with

  • Windows Server 2003 R2 Enterprise Edition SP2
  • Windows Server 2003 R2 Standard Edition SP2
  • Windows Server 2003 Standard Edition SP1


This part assumes that you have the local machine admin account. If not, please check back the password recovery procedures.
[Password Reset for Windows NT/XP/2K3/Vista]

Once you have completed the steps above, proceed with the steps below.
1) During boot time, press F8.
2) A windows startup menu will appear. Please select “Windows Directory Services Restore Mode

3) Login to the system using the local machine admin account.

4) Copy srvany.exe and instsrv.exe to C:\temp\. Click Start>Run and type cmd. A command prompt will pop out and type

<b>cd C:\temp</b>
copy C:\WINDOWS\System32\cmd.exe

instsrv RecoverAD "c:\temp\srvany.exe"

sc config RecoverAD start= auto

sc config RecoverAD type= own type= interact

It will look something like this,

We need to configure SRVANY to make this work. Open regedit and point to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RecoverAD
Create a new subkey Parameters and create these values under it.

Your password must apply to the current policy setting (eg. password complexity). Failure to adhere with the policy setting will break this step. The password will not change.

5) Exit regedit. Reboot the server. Wait a while during the logon screen.

6) Logon to the server using the password you\’ve set in the registry.

7) There you have it.
To remove the RecoverAD service, open the command prompt and delete the service by typing

<b>sc stop RecoverAD
sc delete RecoverAD</b>