Common Windows issues: Why resetting a password fails on a domain controller

Last updated on:  2021-05-14

Authored by:  Richard Goodwin


Problem

After you request a password reset for a Windows® Server® that acts as a Domain Controller (DC), the password does not reset. The Rackspace Cloud Server Agent service attempts to alter the local Security Accounts Manager (SAM) account for the administrator and reports a failure, even though the password reset request appears to complete successfully.

Explanation

A DC does not have any local accounts. When you promote a server to a DC, the system removes all local accounts, and the Active Directory (AD) database handles all authentication, access permissions, group memberships, and so on. Because there are no local accounts, the password reset command applied to the local administrator account fails.

When you attempt to clone a DC, the operation fails on multiple levels. Even if the cloned DC allows you to reset the administrator's password, the clone still doesn't work because it detects a duplicate DC within the forest. This scenario is impossible when you install a server (rather than cloning it) because AD ensures that all computer names are unique.

When you change the name of the cloned DC, another failure occurs because DNS (and hence AD, because they are tied together) cannot locate the name of the Start of Authority (SOA) for the AD domain zone file. The computer object in the DC's container in AD does not match, so the cloned DC abides by all the rules when it boots. However, after it starts, it isolates itself from the network and shuts down all directory services attributes. The cloned DC gets to the login prompt, but you have to boot into Directory Services Restore Mode to clean all the metadata.

Conclusion

Do not clone a Rackspace Cloud Server configured as a DC. Demote the current DC before you save the server image to create new servers.
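
The following pre-image check is an added example, not Rackspace's own tooling. It uses two standard WMI properties to detect whether the server is still a DC before you save an image or request a local password reset. The function name `Test-SafeToImage` is hypothetical.

```powershell
# Added example: run on the server before saving an image or resetting the
# local administrator password. Test-SafeToImage is a hypothetical name.
function Test-SafeToImage {
    [CmdletBinding()]
    param()

    # Win32_ComputerSystem.DomainRole:
    #   0/1 = workstation, 2 = standalone server, 3 = member server,
    #   4 = backup domain controller, 5 = primary domain controller
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $dcByRole = $cs.DomainRole -ge 4

    # Win32_OperatingSystem.ProductType:
    #   1 = workstation, 2 = domain controller, 3 = server
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $dcByProductType = $os.ProductType -eq 2

    # Treat the server as a DC if either signal says so.
    $isDc = $dcByRole -or $dcByProductType

    [pscustomobject]@{
        ComputerName       = $cs.Name
        Domain             = $cs.Domain
        DomainRole         = $cs.DomainRole
        ProductType        = $os.ProductType
        IsDomainController = $isDc
        SafeToImage        = -not $isDc
    }
}

$result = Test-SafeToImage
$result | Format-List

if (-not $result.SafeToImage) {
    # A DC has no local SAM accounts, so a local administrator reset fails,
    # and an image taken now produces a duplicate DC in the forest.
    Write-Warning ("{0} is a domain controller for {1}. Demote it before saving an image, and reset the administrator password through Active Directory instead of the local account." -f $result.ComputerName, $result.Domain)
}
```

Automation that builds images can check the returned `SafeToImage` property and stop when it is `$false`.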


©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
