KnowledgeBase: You cannot log on as a local administrator when you restart in Directory Services Repair Mode

Reading Time: 2 minutes

As part of the May 2014 Update Rollup, Microsoft has fixed a problem that I hope has not been bugging any Active Directory Admin…

On Windows Server 2012 and Windows Server 2012 R2-based Domain Controllers, an issue was identified that blocks access to the Directory Services Restore Mode (DSRM).

 

The situation

On Windows Server 2012 or Windows Server 2012 R2-based Domain Controllers, you applied the Admin Approval Mode for the built-in Administrator account Group Policy setting.

 

The issue

When you restart the Domain Controller in Directory Services Restore Mode (DSRM) and you log on as a local administrator (against the local Security Accounts Manager (SAM) database, that is offline during normal operations of the Domain Controller), only a black screen is displayed after the authentication screen. At this point, you can do nothing except log off by pressing Ctrl+Alt+Delete.

This leaves the Directory Services Restore Mode (DSRM) unusable. You cannot perform the actions you would want to perform in Directory Services Restore Mode (DSRM).

 

The solution

To resolve this issue, install 2955164 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: May 2014 on the Domain Controllers.

You do not have to restart these servers after you apply this hotfix.

 

Concluding

I recommend installing the 2955164 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: May 2014, because the Directory Services Restore Mode (DSRM) is essential in troubleshooting advanced issues with Domain Controllers; You don’t want to encounter any issues while in this mode.

Related KnowledgeBase articles

2937044 You cannot log on as a local administrator when you restart in DSRepair mode
2955164 Windows RT 8.1, Windows 8.1, and Server 2012 R2 update rollup: May 2014

Related blogposts

How to add a DSRM startup option in Windows Server 2008 and Windows Server 2008 R2
Active Directory Domain Services Command Fu, Part 3
Rebooting Windows Server 2012-based DCs into Directory Services Restore Mode
New features in AD DS in Windows Server 2012, Part 6: Recycle Bin GUI

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.