Resetting Domain Admin Password for Windows Server 2003/2008

It is fairly common these days for IT administrators to forget the password of a Domain Controller after returning from a vacation, or for a previous system admin to leave without handing over the server password.

Now, let's be perfectly clear about this scenario. You really should have a site manual secured away to prevent this type of thing happening in the first place. You really should have set up a Directory Services Restore Mode password and documentation. You really should contact Microsoft Support to see if they can provide assistance. But the scenario being discussed here is when none of those "really should" have worked, and your own server must be reset in order to use it.

Let's also be perfectly clear that this process really is a last-ditch attempt, is not supported, and could be fatal to your system. On that note, by following this article, you agree to have read the DISCLAIMER at the bottom of the page, and if you haven't, please do so now.

There are a lot of different utilities available on the web, some open source and some paid, and it can get a bit confusing when deciding which one to go with.

There is one utility that you can rely on, and believe me, it works on all Windows OS from Windows NT to Windows 7, in both 32-bit and 64-bit versions. It is called "Offline NT Password and Registry Editor" and can be found here: http://home.eunet.no/pnordahl/ntpasswd/. Once you have downloaded the ISO image, burn it to a CD-ROM and then boot the server off it.


Recovering the password for a DC is a 2-step procedure.

Before proceeding, make sure that you have unplugged the network cable from the server; this is purely for security reasons.

Step 1 -

a) Boot the server off the "Offline NT Password and Registry Editor" disk.
b) Once your system has booted, you will be prompted with the list of NTFS partitions found on the server. Press 'a' to see the list of all the partitions.
c) Choose your Windows partition. Remember that since it is a Linux disk, you will see the partitions in the format /dev/sda1, sda2, etc., so do not worry.
d) In my case I pressed '1' and hit ENTER to mount my Windows NTFS partition.
e) At this stage it will warn you that a dirty shutdown has been detected. Accept it at your own risk (I personally never had any problems with it). Press 'y' to force the mount.
f) Next it will ask you to point it to the path to the registry directory, just choose the default, unless you made changes to this directory.
g) Now you will be prompted to load registry for SAM SYSTEM SECURITY or RecoverConsole Parameters. Choose the first option.
h) In the "Password or Registry Edit" screen choose option 1 - "Edit User Data and Passwords". You will now be displayed a list of usernames.
i) Choose from the list of usernames or hit ENTER to choose the default Administrator Username.
j) Choose option 1 - Clear (blank) user password. It will now say password has been Cleared. Do not restart the server as we are not done yet :)
k) Now press 'q' or '!' to quit out of editing username and passwords.
l) VERY IMPORTANT - Press 'q' once more and you will be notified that the SAM HIVE has changed and asked whether you want to write back the changes. Type 'y' and hit ENTER.
m) Now you can restart the server by just using Ctrl + Alt + Del or a Hard reboot.


REMEMBER - What we have done in this step is reset the DIRECTORY SERVICES RESTORE MODE password, not the DOMAIN ADMIN password. This will only allow you access to the server from DSRM. We will learn how to reset the domain admin password in STEP 2.


Step 2 -

a) REBOOT your server, but while it is booting up keep tapping the F8 key; you will now see a screen with advanced boot options. Here choose DIRECTORY SERVICES RESTORE MODE and hit ENTER.
b) Now when you get the LOGIN PROMPT, remember, and this is very important, that you want to log in as the local admin on the server, so your username should be SERVERNAME\Administrator and not DOMAIN.LOCAL\Administrator. Replace SERVERNAME with your server's name.
c) So in the username field type SERVERNAME\Administrator, leave the password field blank and hit ENTER.
d) Congratulations, you are now logged into your server. What you still need to do is RESET your domain admin password, and unfortunately this cannot be done from this mode. Instead, we will use a little trick: create a new service in Windows which will reset the domain admin password on the next reboot of the server.

The instructions from here on are explained very well in step 1 of an article on Mr. Petri's website, so I suggest you go to http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm rather than have me repeat the same thing.

This is it!! You have successfully reset your own server.
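
Added example, not part of the original article: a PowerShell check for Windows Server 2008 and later that lists services installed while the server was in the recovery window, so the temporary service from Step 2 can be found and removed, and so the same pattern can be spotted on a DC that nobody meant to reset. The service names, paths and times are constructed sample data, and the shell-command heuristic is an assumption.

```powershell
# Event 7045 in the System log (source: Service Control Manager) records
# "A service was installed in the system" on Windows Server 2008 and later.
function Find-RecoveryServiceInstall {
    param(
        [object[]] $Install,      # TimeCreated, ServiceName, ImagePath, StartType, Account
        [datetime] $WindowStart,  # first boot into DSRM
        [datetime] $WindowEnd     # server back in normal operation
    )
    foreach ($svc in $Install) {
        if ($svc.TimeCreated -lt $WindowStart -or $svc.TimeCreated -gt $WindowEnd) { continue }
        $reasons = @()
        if ($svc.Account -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$') { $reasons += 'runs as SYSTEM' }
        if ($svc.StartType -match 'auto') { $reasons += 'starts at boot' }
        # Heuristic (assumption): a service that launches a shell or net.exe
        # rather than a dedicated binary deserves a manual look.
        if ($svc.ImagePath -match '(^|[\\"\s])(cmd|net1?|powershell)(\.exe)?("|\s|$)') {
            $reasons += 'shell command line'
        }
        New-Object PSObject -Property @{
            ServiceName = $svc.ServiceName
            TimeCreated = $svc.TimeCreated
            ImagePath   = $svc.ImagePath
            Reasons     = ($reasons -join '; ')
        }
    }
}

# CONSTRUCTED sample records (hypothetical names, paths and times).
$sample = @(
    New-Object PSObject -Property @{ TimeCreated = [datetime]'2011-03-01 09:00'
        ServiceName = 'BackupAgent'; ImagePath = 'C:\Program Files\Backup\agent.exe'
        StartType = 'auto start'; Account = 'LocalSystem' }
    New-Object PSObject -Property @{ TimeCreated = [datetime]'2011-03-01 10:20'
        ServiceName = 'TempReset'; ImagePath = 'C:\Windows\System32\cmd.exe /c C:\temp\reset.cmd'
        StartType = 'auto start'; Account = 'LocalSystem' }
)

# Only TempReset falls inside the window; all three reasons apply to it.
Find-RecoveryServiceInstall -Install $sample `
    -WindowStart ([datetime]'2011-03-01 10:00') `
    -WindowEnd   ([datetime]'2011-03-01 11:00') | Format-List

# Live data: map real 7045 events to the same shape. Expected payload order:
# ServiceName, ImagePath, ServiceType, StartType, AccountName.
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } | ForEach-Object {
#     New-Object PSObject -Property @{ TimeCreated = $_.TimeCreated
#         ServiceName = $_.Properties[0].Value; ImagePath = $_.Properties[1].Value
#         StartType = $_.Properties[3].Value; Account = $_.Properties[4].Value } }
```

Step 1 also leaves the DSRM Administrator password blank; set a new one with `ntdsutil "set dsrm password" "reset password on server null" q q` before plugging the network cable back in.
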
This article was first published by myself on my website, Confatech IT Knowledgebase. To see the updated version of this article, visit http://www.confatech.com/windows-server-2008/forgot-domain-admin-password-server2008
------------------------------------------------------------------------------------------------------------

DISCLAIMER:

This article has been written for informational purposes only and any potential misuse or abuse of it will not be the liability of the author.
Improper use of this tool can also render the system unbootable and hence proper care should be taken when using this tool.
Users are also advised to read the instructions provided by the author of the program before using it (http://pogostick.net/~pnh/ntpasswd/).

------------------------------------------------------------------------------------------------------------

Comments (7)

Author

Commented:
@younghv,
"It is CHANGING the password. The ramifications of taking this inadvisable action are many and varied - but at the least you should expect that any number of "Services" will begin to fail."

I disagree with you. Most Services are set to use SYSTEM ACCOUNT or NETWORK SERVICE account credentials unless otherwise changed. This utility just changes the password for the DIRECTORY SERVICES RESTORE mode and from then on we go about changing the system admin password by creating a Windows service. I do not see why you are so upset about this. I have used it at least 50 times and never had any problems whatsoever.

CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006

Commented:
manav08:
It is unfortunate that you don't even understand the ramifications of what you are doing - regardless of how many times you claim to have used it.

Rather than get in a contentious debate, I will simply unsubscribe and let others offer their thoughts.

Author

Commented:
@younghv,

First of all, you are entitled to your own opinion.

Secondly, in terms of using it, obviously it is something that one will use as a last resort when all other avenues have been exhausted.

Thirdly, I do agree there is a risk involved if you are not familiar with how Server 2003 works or how this tool works. Hence the Disclaimer at the bottom of the page.

Fourthly - When you have no access to your system whatsoever because of not knowing the password, it is highly unlikely that you could do any more damage to it.  Based on your comment, I see the need to add to this article that the user must do a backup with GHOST or ACRONIS before proceeding.
Bob Stone, IT Guru
CERTIFIED EXPERT

Commented:
Unsub
Man, I would be really careful with changing the domain admin password.....

it seems like finding another account with domain admin rights and then adding another account would be smarter....

who knows how much code or what has that password hardcoded into it

the article is helpful with how to get into DSRM
