Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home. It is common that we forget some of them. One of the most frustrating things is we sometimes forget critical information which we did not write down on a piece of paper because it is critical! Domain administrator password is one of this kind. This article will guide you through the steps to reset the domain administrator password. Oh don't forget the milk, if you do, noone can help you to recover the damage that your wife will cause to your brain.
Please note that I have tested this in a test environment and personally seen that it worked. Changing the domain administrator password may cause some services in your environment to fail because of the password mismatch. Consider changing the password of all services or software that uses domain administrator account to operate. I do not take any responsibility of any damage caused to your system when following this article. However, if you have problems regarding this, I will gladly help you in EE forums.
We will be using the "INSTSRV SRVANY" command tool provided in Windows Server 2003 Resource Kit. You can download the resource kit here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en
In this scenario, we will assume that our forgotten password is "Experts1" and we will be replacing it with "ExpertsReset1"
Prerequisites:
We must have access to a domain controller using its local administrator password,
We must download the resource kit and extract it to a folder.
I recommend extracting it to System32 folder or copy the cmd.exe from System32 folder and paste it to the folder you extracted the tools. This way you will not have to bother with paths.
I have created a folder named ResetPassword at the root of "C:" drive and extracted the tools there. I also copied cmd.exe to that location. Please modify the paths and names through the article for your environment.
The logic here is to create and modify a service that will automatically start and change the domain administrator password on next restart.
1) First, we will need to restart the domain controller. While the restart process, press F8 to bring up the Windows Advanced Options menu. Choose "Directory Services Restore Mode (Windows domain controllers only)". Note that the Active Directory is disabled in this mode and no modifications can be made on it. This mode is for resolving issues about Directory Service Database and restoring. Access the console by providing the local administrator credentials.
2) Open a command prompt and navigate to the ResetPassword folder. Run the SRVANY tool with INSTSRV in command prompt:
INSTSRV PasswordReset SRVANY.exe
Please note that I have tested this in a test environment and personally seen that it worked. Changing the domain administrator password may cause some services in your environment to fail because of the password mismatch. Consider changing the password of all services or software that uses domain administrator account to operate. I do not take any responsibility of any damage caused to your system when following this article. However, if you have problems regarding this, I will gladly help you in EE forums.
We will be using the "INSTSRV SRVANY" command tool provided in Windows Server 2003 Resource Kit. You can download the resource kit here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en
In this scenario, we will assume that our forgotten password is "Experts1" and we will be replacing it with "ExpertsReset1"
Prerequisites:
We must have access to a domain controller using its local administrator password,
We must download the resource kit and extract it to a folder.
I recommend extracting it to System32 folder or copy the cmd.exe from System32 folder and paste it to the folder you extracted the tools. This way you will not have to bother with paths.
I have created a folder named ResetPassword at the root of "C:" drive and extracted the tools there. I also copied cmd.exe to that location. Please modify the paths and names through the article for your environment.
The logic here is to create and modify a service that will automatically start and change the domain administrator password on next restart.
1) First, we will need to restart the domain controller. While the restart process, press F8 to bring up the Windows Advanced Options menu. Choose "Directory Services Restore Mode (Windows domain controllers only)". Note that the Active Directory is disabled in this mode and no modifications can be made on it. This mode is for resolving issues about Directory Service Database and restoring. Access the console by providing the local administrator credentials.
2) Open a command prompt and navigate to the ResetPassword folder. Run the SRVANY tool with INSTSRV in command prompt:
INSTSRV PasswordReset SRVANY.exe
1:2:3:4:5:6:7:8: | C:\ResetPassword>INSTSRV PasswordReset SRVANY.exeThe service was successfully added!Make sure that you go into the Control Panel and use the Services applet to change the Account Name and Password that this newly installed service will use for its Security Context. |
The PasswordReset string in this command can be anything you like. It is just to identify the keys and services created by the tool. Hereafter, this string will be used as PasswordReset that means you will need to replace the paths in the article if you modify the string.
3) Open regedit and navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PasswordReset
In the right pane, right click an open area and click New > Key and name it as Parameters. Now navigate to the new Parameters key from the left pane.
4) Right click on the right pane and click New > String Value and name it as Application. Double click on Application, write C:\ResetPassword\cmd.exe in the Value data field and click OK.
5) Again right click and create a new String value by clicking New > String value. Name it as AppParameters. Double click it, write /k net user administrator ExpertsReset1and clik OK. Remember that "ExpertsReset1" will be our new domain administrator password.
Now that we created these keys:
Name: Application
Type: REG_SZ (string)
Value: C:\ResetPassword\cmd.exe
Name: AppParameters
Type: REG_SZ (string)
Value: /k net user administrator ExpertsReset1
6) Now we will check if our service is created. Go to Services snap-in by either services.msc Run command or by going to Control Panel > Administrative Tools > Services. Check the list for the PasswordReset service. Right click the service and click Properties. Make sure that the Startup type is set to Automatic.
7) Navigate to Log On tab and tick the Allow service to interact with desktop checkbox.
8) Click Apply, then OK.
9) If you are sure that you have done everything right, restart the server in normal mode. Your password will reset in the startup process. You may get a command prompt that says "The command completed successfully" for the first time you logon.
10) Now let's remove the tool and the service we created to prevent any security risks. To do this, we must first stop the service and remove it. Open a command prompt and run:
net stop PasswordReset
sc delete PasswordReset
1:2:3:4:5:6: | C:\>net stop PasswordResetThe PasswordReset service was stopped successfullyC:\>sc delete PasswordReset[SC] DeleteService SUCCESS |
11) Remove the ResetPassword folder you created which includes the tools to recreate this service.
Comments