I’m committing myself to Microsoft identity management. Surprisingly I don’t entirely hate it (having been exposed to it in anger for two years on an increasingly decrepit Windows Server).

I wasn’t really exposed to Active Directory much back in my days of Memset – the majority of customers weren’t running their servers for ID management – just IIS and SQL Server. Similarly, in previous jobs prior to Memset, ID management was either local only, or if it was networked – NIS, LDAP or RADIUS.

Packed in like sardines, but without the brine..

Last Monday’s South Western Railway strike was fun. Trains were considerably busier than usual – it took a good half an hour to wait for another train with enough capacity to get me home.

Wall to wall humans. Lovely. I’m happy to wait, thanks.

Another calamity had befallen me earlier that day, however. I was trying new backup software for the local Active Directory server and I had to cancel it due to hogging too many resources. I was forced to shut down windows and reboot – but – ALAS! – the server came up and wouldn’t allow me to log in as administrator via remote desktop. Wouldn’t let me log in with my own user account which has administrative privileges. The Active Directory service was borked.

I rebooted the machine again. I physically booted it into Safe Mode with Networking and was – physically at the machine itself – able to log in. In the end, I had to:

  • Create a Windows Server bootable USB from ISO
  • Boot from the USB stick
  • Select “Repair this computer”, go to Troubleshooting then select Command Prompt
  • Rename utilman.exe to utilman.bak, then copy cmd.exe to utilman.exe

Utilman.exe is called whenever the accessibility feature is used prior to logging into Windows Server (at least prior to Windows Server 2016). By replacing it with cmd.exe, you’re presented with a command-line prompt that allows you to change the administrator password.

With this in place, I changed the admin password (net user administrator <password>), rebooted the machine (which can back up in Safe Mode with Networking), used msconfig to set the boot mode back to Normal, rebooted again – and everything came back up and Just Worked(tm).

It took me two days to figure that out. Windows. So helpful.