Hi, Last Friday, I started re-installing our whole office network, one machine at a time. After three hard, long days, everything was working fine until this afternoon, when I tried to log in and received an error message stating that my account, the domain administrator, was disabled! (Oh Noes!) Firstly, let us discuss cause: I suspect that this may have been caused by group policy changes. I cannot think of anything else that would have caused this. Come to think of it, I cannot think of a group policy setting that would have caused this! Moving on, effect: NO ADMIN ACCESS to the domain controller (there is only one) or any domain settings. No, I had not got arround to setting up a secondary admin account. All the users are hapily working, I can't get in. (They have been up and running since noon) Begging Part: Please help! I don't want to spend three days (and p*** off my users even more) by reinstalling again. I have full access to the box and can use the Directory Service Restore Admin (F8 during boot) to get access to the box, I could also use Knoppix, which has solved problems for me in the past) Descriptive Bit: My domain controller is WIndows 2003 Server, Standard, OEM, SP1. Yes, I use NTFS on my Hardware Raid 1 SCSI drive. Helpful Bit: I found a document on the internet that described how to change an admin password of a domain admin using a tool called SRVANY.EXE and Directory Restore Mode, I modified this tutorial and managed to use it to setup a new user account in active directory using NET USER. The new user account worked as a user account, but, despite my attempts to use the same tutorial's steps and the NET GROUP command, I could not promote the user to a domain admin. Disparing Section: How can this happen? How can Microsoft take an action that results in every domain admin being disabled? Would Linux EVER do anything that disabled root? Ponderous Speculation: I wonder if it is possible to demote the box and re-install AD? That would be bad, but not too bad. I wonder if it is possible to rollback group policy to earlier today? Comic Relief: My lecturer back in 2001 always told me to create a second admin account in case this happened. He was refering to NT4 back then. I never thought it would happen to me. Thanks for any suggestions or assistance, Stephen Martindale