#1 OhSnapWord, 11-23-2012, 04:37 PM
Help! Every User Account Disabled

I have a client with an Active Directory Domain Controller. It seems that somebody has gained unauthorized access and disabled every single user account. There is no way to log into the domain. The system is Windows Server 2008 R2. Any help will be greatly appreciated.
#2 iPwn (Site Team), 11-24-2012, 10:45 AM
Re: Help! Every User Account Disabled

You need to log on to the Domain Controller with the local admin account. (enter ".\" in the username to designate local) Then, perform an authoritative restore (assuming replication) as you don't know if those were the only changes made.

Edit: Not knowing your experience level here, there are two ways to do this.

1. Console access inside the server room. (Use ".\administrator" to log on.)

2. Connect a PC to the local network and open an RDP session with the DC. If the DC supports pre-authentication and you get a login screen before seeing a full-blown login window, then specify the account name as "host\user", or "DC1\administrator".

If the DC does not use pre-auth, then simply use ".\administrator" once you are connected to the DC and see the full-blown screen with logon.

As far as enabling accounts:

You could do this through the command line using dsmod. Open a command prompt and type:

Code:
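REM dsmod user expects user DNs, so dsquery lists the disabled users under the OU and pipes them in
dsquery user "OU=sparta,DC=sparta,DC=local" -disabled -limit 0 | dsmod user -disabled no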
Notes:
OU= this is the root level OU
DC= this is the domain name. You have to put each part as a separate DC= so the above is for a domain of sparta.local
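An added example, not part of the original thread: a PowerShell sketch that limits re-enabling to accounts whose last directory change falls inside the suspected incident window, so accounts that were disabled on purpose before the incident stay disabled. The function name Select-IncidentDisabled, the window dates, the sample accounts and the CSV path are assumptions made for illustration; the search base is the one used in the post above.

```powershell
# Added example (not from the thread). Select-IncidentDisabled is a hypothetical helper.
# whenChanged is kept per DC and moves on ANY attribute change, so treat the
# result as a review list, not as proof of what the intruder touched.
function Select-IncidentDisabled {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $Account,
        [Parameter(Mandatory=$true)] [datetime] $WindowStart,
        [Parameter(Mandatory=$true)] [datetime] $WindowEnd
    )
    process {
        # Keep only accounts that are disabled AND were last changed in the window.
        if (-not $Account.Enabled -and
            $Account.whenChanged -ge $WindowStart -and
            $Account.whenChanged -le $WindowEnd) { $Account }
    }
}

# Constructed sample objects standing in for Get-ADUser output (not real accounts).
$sample = @(
    New-Object PSObject -Property @{ SamAccountName='jdoe';     Enabled=$false; whenChanged=[datetime]'2012-11-22 23:10' }
    New-Object PSObject -Property @{ SamAccountName='old.temp'; Enabled=$false; whenChanged=[datetime]'2011-03-02 09:00' }
    New-Object PSObject -Property @{ SamAccountName='asmith';   Enabled=$true;  whenChanged=[datetime]'2012-11-22 23:11' }
)

$start = [datetime]'2012-11-22 00:00'   # placeholder: start of suspected window
$end   = [datetime]'2012-11-23 17:00'   # placeholder: end of suspected window

# Only 'jdoe' is returned: 'old.temp' was disabled long before, 'asmith' is enabled.
$sample | Select-IncidentDisabled -WindowStart $start -WindowEnd $end |
    Select-Object SamAccountName, whenChanged

# Against the live domain (requires the ActiveDirectory module on the DC or via RSAT):
# Import-Module ActiveDirectory
# Get-ADUser -SearchBase 'OU=sparta,DC=sparta,DC=local' -Filter 'Enabled -eq $false' -Properties whenChanged |
#     Select-IncidentDisabled -WindowStart $start -WindowEnd $end |
#     Tee-Object -Variable toEnable |
#     Export-Csv .\reenabled.csv -NoTypeInformation   # keep a record of what was changed
# $toEnable | Enable-ADAccount -WhatIf                # remove -WhatIf after reviewing the CSV
```

The exported CSV doubles as an incident record of which accounts were re-enabled and when they had last changed.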
#3 OhSnapWord, 11-26-2012, 07:54 PM
Re: Help! Every User Account Disabled

I managed to change the admin password and got in. Thanks for the info.