Re: Lost admin access to ADAM

I checked the event logs; all are clean but I did notice a lot of entries in
the security log; paging through them I found serveral references to dsamain:

The Windows Firewall has detected an application listening for incoming

Name: -
Path: C:\WINNT\ADAM\dsamain.exe
Process identifier: 6140
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: TCP
Port number: 389
Allowed: No
User notified: No

I thought that it might be a firewall issue but now I'm not so sure. I
checked the FW settings; it is off, but greyed out because 'some settings are
controlled by group policy'. In spite of what the log says, I can go to
another box and issue the command: telnet <my ipaddress> 389 and it will
connect (just hangs), so I'd think that the port isn't really getting
blocked, that the service is still listening to the port. Is this a log
entry really mean anything?

"Dmitri Gavrilov [MSFT]" wrote:

Something funky in auth system. Anything interesting in the system or
security logs? Is there NDS client in the picture? Did you harden the system
(or domain)?

One thing I can suggest is to use computername\administrators (builtin
admins) as ADAM admin principal, as opposed to a specific user. Then you can
use your domain account to connect (provided this account is a member of

Dmitri Gavrilov
SDE, DS Admin eXperience

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at

"Andy!" <Andy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
Thanks Dmitri; That does blow away the instance, but still leaves me with
original problem. If I install with my account (which has has local
rights) the LDIF imports fail. This is odd because as part of the
installation it asks if you want to give the logged in user admin rights
the instance, then it promptly fails a few minutes later when it tries to
the import with that same account. If I cancel the install the service
running (and listening on 389) but if I try to manually import I get:

C:\WINNT\ADAM>ldifde -i -f ms-user.ldf -s localhost:389 -k -j .
-c CN=Schema,CN=Configuration,O=LAB,C=US" #schemaNamingContext
Connecting to "localhost:389"
Logging in as current user using SSPI
SSPI "bind as current user" returned 'Timeout'

Clearly something is wrong with the account but what? I'm logged in with
domain account (no typeos) which works otherwise but it doesn't take.
log looks clean.

"Dmitri Gavrilov [MSFT]" wrote:

%windir%\adam\adamuninstall.exe /force /i:instanceName

Dmitri Gavrilov
SDE, DS Admin eXperience

This posting is provided "AS IS" with no warranties, and confers no
Use of included script samples are subject to the terms specified at

"Andy!" <Andy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
I can't quite identify the cause but I no longer am able to access adam
is installed on XP/pro. When I bring up adsi edit it hangs and returns
operation returned because the timeout period expired." so I blew
away and re-installed ADAM SP1. Same problem. When I try to create a
instance it works but the LDIF imports fail (logfile contains:
ADAMERR_REPCREDS_INVALID) and when I try to remote the instance with
Adamuninstall (or from the control panel) I get and error 1053 (service
not respond). (but the intstance/service is still listening on the
specified port)

End result is that I'm stuck, can't delete it (w/o hacking the
access it and I haven't been able to identify was caused it. TIA -
wasn't crucial, but my application testing is dead in the water.
(Frustration level = high)


Relevant Pages

  • RE: Office tries to repair/reinstall
    ... Giving admin rights to everyone is not the solution. ... The file association issue should be also related to the Office 2007 installation. ... I will check the registry and install windows installer. ...
  • Re: Granting all users Admin Rights
    ... I am a Network Admin for Cuesta College and we are dealing with the same ... Techs to go to install every little piece of software on users computers. ... I believe that giving users Power Users rights is the best way ...
  • Re: Windows 2003 Users vs Software
    ... You need to have both an admin and a limited account ... >> as a limited user, to effect, "the software has not been installed ... The users do not have rights to install programs. ...
  • Re: Client Installation Issues: SMS 2.0 SP5
    ... Log on locally as LOCAL admin and install. ... Log on Locally as domain user who has LOCAL admin rights. ... The SMS Service account IS a domain admin ...
  • Re: Reboot command no longer works in Task Scheduler
    ... User rights assignment are set with a GPO located under Computer configuration, windows settings, security settings,local policies. ... Check there if the account, even the domain admin has the needed rights. ...