6.6.6 Unlock a Domain

You can be locked out of a domain if you forget the administrator password, change authentication methods without adding an administrative account, or experience a problem with the external authentication system.

You can unlock the domain using the rxsconfig command line utility's recovery option.

To unlock a domain using rxsconfig

  1. Log on the server on which the Domain Controller is installed as an administrator (Windows) or root (Linux).

  2. Open a command window.

    NOTE:On Windows systems (starting with Windows Vista and Windows Server 2008), you need to open the command window as an administrator. (In the Start menu, under Accessories, right-click Command Prompt and select Run As Administrator).

  3. Enter the following command:

    rxsconfig recover
  4. Restart the service.

  5. Open the Administrative Console and log on to the domain with the following user name and password:

    user name: recovery

    password: recovery

    NOTE:Running the recover command allows access to the Administrative Console only once. After you log out, these login values for username and password won't work again. To log in again with these values you need to repeat steps 1 through 3.

  6. Set Authentication system to the authentication system you want to use for the domain.

  7. Click the plus sign ( ) to add a new administrative user account.

  8. Select the check box under Administrator for the new account.

  9. Click Test Authentication then enter the name and password for this account and click Test to make sure that the account is valid.

CAUTION:Don't close the Administrative Console without first redefining and testing an administrative account. Without a valid administrative account, you won't be able to log back into the Administrative Console and you'll need to repeat this procedure from the beginning.

Related Topics