server 2012: administrator password expired?

Scharminkel

Senior Member
Joined
Oct 16, 2014
When I try to login with the local Administrator account I get the answer the username or password is not correct.
Some time before it went correct but I saw in the right down corner the message: change your password because it will expire in one day.I've seen this message a number of times.
Is it possible my administrator password is expired?
What must I do?
 
1. if you have installed a domain (adds) roll then the default setting is password expires after about 30 or 60 days... I always remove this setting on my server account.

p.s. if you have adds installed then you are logging in as an domain admin, not a local one... the account gets upgraded as part of the install process with the same settings as the local account had. This is an issue because once adds is installed on any Windows server you can no longer change local account settings... the only option is to un-install adds and then set your local account settings.

2. if your domain password has expired you will be promted to change it at the next logg-in... you type the old password and it asks you to enter a new one, that must be different. The default setting is 1 cap, 1 number and 1 symble so Pas$w0rd would work as would Pas$w0rd01 but again these settings can be adjusted before the adds roll is installed.
 
p.s Once you get back into the server you can go to "active directory users and groups" to adjust the Administrator account… the options you get in this panel depend on what security settings are enabled in the local account but if you post a screenshot we can normally walk you through it.
Screenshot (6).png
 
I have indeed installed a RODC and I believe it's since then I can't login as local administrator.
Is this normal?
I can login as domain administrator.
 
Have you tried using the
MachineName\Administrator
and then the password for the local administrator account.
Not sure why you would want to do this as the Domain Administrator is a member of the Local Administrators Group, but I think it should work.
 
Is this normal?

Yes, if you have 'active directory domain services' (adds) installed then your local administrator account has been upgraded to a domain administrator and you can't log into the machine as the local administrator because that user name | password combination doesn't currently exist.

Not sure why you would want to do this as the Domain Administrator is a member of the Local Administrators Group

Good point… depending on what you want to achieve… an local account wouldn't have permission to do jack on a server running adds any way.

p.s. Standard (un-official) practice on Windows servers is to create a new local account with administrator permissions eg, john smith and password = john before adds is installed… this account would also get upgraded to domain controller along with everyone else but would be stored outside the built-in users folder… in effect becoming a 'back door' into the server with permission to configure server systems (networks, install rolls etc) but not actually falling under the domains control.
 
Back
Top Bottom