question

JohnRoberts-0452 avatar image
0 Votes"
JohnRoberts-0452 asked DSPatrick commented

Server 2012 R2 lost admin permission after deprecating from DC/AD

I had to deprecate this server from a DC/AD back to a workgroup since the software that has a SQL Server DB would not function correctly after the promotion. Unfortunately, during the deprecation, I missed the screen to "Enter the new Administrator password". Now I can't seem to figure out how to re-establish Admin control. Any known remedies for this?

MTIA

windows-server-2012
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick commented

This thread started out with server "lost admin permission" which seems to have been sorted out. I'd suggest closing this one by marking answer then open a new thread here about SQL permissions.
https://docs.microsoft.com/en-us/answers/topics/sql-server-general.html

--please don't forget to upvote and Accept as answer if the reply is helpful--





· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for your efforts.

0 Votes 0 ·

You're welcome.




0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

You can try the steps found here.
https://www.howtogeek.com/222262/how-to-reset-your-forgotten-password-in-windows-10/

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JohnRoberts-0452 avatar image
0 Votes"
JohnRoberts-0452 answered

Thanks for the reply. However, I can sign in with the Admin password, I just don't have Admin rights over most areas. Ex. I had other users set up and now I am not even given the option to sign in under any of those profiles, nor can I set up a fax server. I am told I do not have the necessary permissions.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Understood, your only hope is to follow the steps in doc I linked to create a new user as local administrator.

--please don't forget to upvote and Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered JohnRoberts-0452 commented

Method 1:

Login to an Admin account on the system and follow the below steps to change the status of the main account.

Steps:-

  1. Right click on the Start menu and select Control Panel.

  2. Click on User Accounts and select Manage another account.

  3. Double click on your user account.

  4. Now select Administrator and click save and ok.

Method 2:

In case you do not have another Admin on the computer, enable the built in admin account from the Windows Recovery Environment, login to that account and then change the status of the present account from Standard to Administrator. You may get an error when you try to enable the hidden admin account as the command only runs on an Elevated command prompt, i.e., an admin Command prompt. As you can’t access that on your system, I suggest you to go to Windows Recovery Environment and use the Command Prompt there, which is elevated.

Follow the below steps:-

1) Press Shift and Restart from the power icon (together)

2) Select Troubleshoot.

3) Go to Advanced Options.

4) Select Command Prompt.

5) Type "net user Administrator /active:yes"

6) Hit Enter.

A user account with the name Admin will be created. Log in with that account and you will be able to access Admin privileges. You can also create and change the status of other accounts with that account.

Hope this information is helpful. Please do let us know if you need further assistance, we’ll be glad to assist you.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Will try this today and advise the results later.

0 Votes 0 ·

So, there is no "hidden" admin account. It is the Administrator account I am having the issues with. I can create another account with Admin privileges, but it does not have any effect on the existing Admin account. And, just to be clear, I need to use the installation media to access the Recovery Environment in Windows Server 2012 R2, correct?

0 Votes 0 ·

correct, no hidden account. You can follow along here to reset password.
https://www.howtogeek.com/222262/how-to-reset-your-forgotten-password-in-windows-10/

--please don't forget to upvote and Accept as answer if the reply is helpful--





0 Votes 0 ·

Vicky - In the USERS folder I see the Administrator.(servername) just below the user Administrator. In the control panel under manage users it shows Administrator as Administrator. My password has not changed. I am able to create another User with Administrative privileges. I lack "User Rights" or " The server principal "XXXXXX\Administrator" is not able to access the database "XXSQLDB" under the current security context." I keep getting this type of error with being the Administrator for many items. Even when I create a new Administrative account.

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered JohnRoberts-0452 commented

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--






· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

In the USERS folder I see the Administrator.(servername) just below the user Administrator. In the control panel under manage users it shows Administrator as Administrator. My password has not changed. I am able to create another User with Administrative privileges. I lack "User Rights" or " The server principal "XXXXXX\Administrator" is not able to access the database "XXSQLDB" under the current security context." I keep getting this type of error with being the Administrator for many items. Even when I create a new Administrative account.

0 Votes 0 ·
JohnRoberts-0452 avatar image
0 Votes"
JohnRoberts-0452 answered

Sorry, but have been swamped. Going to attempt today. I will let you know later if this works.

Thank for the follow up.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Sounds good

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered JohnRoberts-0452 commented

The server principal "XXXXXX\Administrator" is not able to access the database "XXSQLDB"

If XXXXXX\ is the old domain name then it may be your local administrator does not have the same SQL permissions as the domain admin had. You may need to add the local admin access to the database via SSMS

--please don't forget to upvote and Accept as answer if the reply is helpful--









· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I am not at all that versed in SQL. I did find some info at this link:

https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/connect-to-sql-server-when-system-administrators-are-locked-out?view=sql-server-ver15#step-by-step-instructions

However, I had problems getting past the single user mode to access to Object Explorer with Windows Authentication. I either got "more than one connection can not be made while in single user mode" or I could not access Object Explorer to apply the recommended approach.

0 Votes 0 ·