SOLVED

Admin local account cannot login after joining a DC and being promoted to RODC

Windows Server 2019 Datacenter.

After joining a machine to a DC and promoting it to RODC, the local admin account cannot log in to the system.

Only the DC Admin can log in to the RODC.

The error shown is that the password or username is incorrect, which is not true because the local Admin account was not modified before joining the machine to the domain.

Any suggestion? 

Thanks!!

5 Replies

That's expected behavior. When a server is promoted to domain controller all local accounts are removed and transitioned to domain accounts.

Thanks a lot!
So how could I log in with a local admin account?

Best Response confirmed by LimiteCero (New Contributor)
Solution

You cannot log on to a domain controller with a local account because, since promotion, local accounts do not exist.

Unless you're asking about DSRM mode.

Thanks Dave! I didn't know about that behaviour! That's all! I've solved it with a specific account on the DC for that machine.
Thank you very much!!