You can be locked out of a domain if you forget the administrator password, change authentication methods without adding an administrative account, or experience a problem with the external authentication system.
You can unlock the domain using the rxsconfig command line utility's option.
To unlock a domain using rxsconfig
Log on the server on which the Domain Controller is installed as an administrator (Windows) or root (Linux).
Open a command window.
NOTE:On Windows systems (starting with Windows Vista and Windows Server 2008), you need to open the command window as an administrator. (In the Start menu, under, right-click and select ).
Enter the following command:
Open the Administrative Console and log on to the domain with the following user name and password:
user name: recovery
NOTE:Running the recover command allows access to the Administrative Console only once. After you log out, these login values for username and password won't work again. To log in again with these values you need to repeat steps 1 through 3.
Setto the authentication system you want to use for the domain.
Click the plus sign ( ) to add a new administrative user account.
Select the check box underfor the new account.
Clickthen enter the name and password for this account and click to make sure that the account is valid.
CAUTION:Don't close the Administrative Console without first redefining and testing an administrative account. Without a valid administrative account, you won't be able to log back into the Administrative Console and you'll need to repeat this procedure from the beginning.