Can not login to domain controller that didn’t replicate for too long or wrong DNS setting of old replication partner prevent login

Recently I had a case of an IT team that upgrade servers in on windows active directory site and forgot all about the other site that was replicating the AD between two domain controllers. On the first site they upgrade the DC, change the IP and setting and didn’t make sure replication was in order. After awhile it was impossible to login as the password didn’t work any more . What I did its access the forgotten DC server on the second site with PsExes from sysinternals

More information can be found here :

You need to run cmd on remote server

psexec \\remote_DC cmd

Then change the DNS settings in order to obtain access to the console, First make sure you are on the right console

ipconfig /all

Now you can add DNS to the ip on the right network card, clear the current settings (“Local Area Connection” is the right network card in this example)

netsh dnsclient delete dnsserver "Local Area Connection" all

add the right dns ip in the 1 place

netsh dnsclient add dnsserver "Local Area Connection" xx.xx.xx.xx index=1

Second DNS

netsh dnsclient add dnsserver "Local Area Connection" xx.xx.xx.xx index=2


ipconfig /flushdns & ipconfig /registerdns

Try to login as domain admin .

Good Luck

Leave a Reply

Your email address will not be published. Required fields are marked *