How can I log into a Domain controller that doesn't trust itself

active-directory windows-server-2008-r2 kerberos

Active Directory Restore Mode is the only way, and it will require that you know the Directory Services Restore Mode administrator account password.

Incidentally, it looks like this problem was caused by improperly restoring a Domain Controller. Just doing a standard restore from backup will leave you with a non-functioning domain Controller every time. Next time, follow the technet guide here.


You can restart into Directory Service Restore Mode remotely and log in using the DSRM (local administrator) password.

If you do not know that password, you can reset it by booting your virtual machine from an ntpasswd image.

Related

Detecting Slashdot effect in nginx
Apache refuses to write to a log file after I manually delete all of its contents
Forgot Password Server 2012
Sniff UNIX domain socket
CleanMgr can nolonger be installed on server 2012 R2
How can you test a backup / secondary MX server?
VMWare ESXi 5.5, thin provision still allocates full amount of space on disk
Apache 2.2 end of life
How to load balance sftp instances on AWS
SaltStack: Is there a way to only display failed and warnings in output?
MySQL extremely slow on very simple SELECT queries
Can mixing RAM memory size (on its own) reduce dual channel performance? [closed]