by Batuhan Cetin
In the dynamic life of an IT administrator, we hold a lot of information in our minds, like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk on the way back home. It is common that we forget some of it. One of the most frustrating things is that we sometimes forget critical information which we did not write down on a piece of paper because it is critical! The domain administrator password is one of this kind. This article will guide you through the steps to reset the domain administrator password. Oh, don't forget the milk; if you do, no one can help you recover from the damage that your wife will cause to your brain.
Please note that I have tested this in a test environment and personally seen that it worked. Changing the domain administrator password may cause some services in your environment to fail because of the password mismatch. Consider changing the password of all services or software that use the domain administrator account to operate. I do not take any responsibility for any damage caused to your system when following this article. However, if you have problems regarding this, I will gladly help you in the EE forums.
We will be using the "INSTSRV SRVANY" command tool provided in the Windows Server 2003 Resource Kit. You can download the resource kit here:
In this scenario, we will assume that our forgotten password is "Experts1" and we will be replacing it with "ExpertsReset1".
We must have access to a domain controller using its local administrator password.
We must download the resource kit and extract it to a folder.
I recommend extracting it to the System32 folder, or copying cmd.exe from the System32 folder and pasting it into the folder where you extracted the tools. This way you will not have to bother with paths.
I have created a folder named ResetPassword at the root of the "C:" drive and extracted the tools there. I also copied cmd.exe to that location. Please modify the paths and names throughout the article for your environment.
The logic here is to create and modify a service that will automatically start and change the domain administrator password on next restart.
First, we will need to restart the domain controller. During the restart process, press F8 to bring up the Windows Advanced Options menu. Choose "Directory Services Restore Mode (Windows domain controllers only)". Note that Active Directory is disabled in this mode and no modifications can be made to it. This mode is for resolving issues with the Directory Service database and for restoring it. Access the console by providing the local administrator credentials.
Open a command prompt and navigate to the ResetPassword folder. Run the SRVANY tool with INSTSRV in command prompt:
INSTSRV PasswordReset SRVANY.exe
C:\ResetPassword>INSTSRV PasswordReset SRVANY.exe
The service was successfully added!
Make sure that you go into the Control Panel and use
the Services applet to change the Account Name and
Password that this newly installed service will use
for its Security Context.
The PasswordReset string in this command can be anything you like. It is just to identify the keys and services created by the tool. Hereafter, this string will be used as PasswordReset, which means you will need to replace the paths in the article if you modify the string.
Open regedit and navigate to:
In the right pane, right click an open area and click New > Key and name it as Parameters. Now navigate to the new Parameters key from the left pane.
Right click on the right pane and click New > String Value and name it as Application. Double click on Application, write C:\ResetPassword\cmd.exe in the Value data field and click OK.
Again right click and create a new String value by clicking New > String value. Name it as AppParameters. Double click it, write /k net user administrator ExpertsReset1 and click OK. Remember that "ExpertsReset1" will be our new domain administrator password.
We have now created these keys:
Name: Application
Type: REG_SZ (string)
Value: C:\ResetPassword\cmd.exe
Name: AppParameters
Type: REG_SZ (string)
Value: /k net user administrator ExpertsReset1
Now we will check if our service is created. Go to the Services snap-in either with the services.msc Run command or by going to Control Panel > Administrative Tools > Services. Check the list for the PasswordReset service. Right click the service and click Properties. Make sure that the Startup type is set to Automatic.
Navigate to the Log On tab and tick the Allow service to interact with desktop option.
Click Apply, then OK.
If you are sure that you have done everything right, restart the server in normal mode. Your password will be reset during the startup process. You may get a command prompt that says "The command completed successfully" the first time you log on.
Now let's remove the tool and the service we created to prevent any security risks. To do this, we must first stop the service and remove it. Open a command prompt and run:
net stop PasswordReset
sc delete PasswordReset
C:\>net stop PasswordReset
The PasswordReset service was stopped successfully
C:\>sc delete PasswordReset
[SC] DeleteService SUCCESS
Remove the ResetPassword folder you created which includes the tools to recreate this service.
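To confirm that the cleanup worked, and that no similar wrapper service exists elsewhere on the server, the Services registry key can be audited. The PowerShell below is an added example, not part of the original article; it assumes the standard HKLM\SYSTEM\CurrentControlSet\Services location, and the function name Get-SrvanyWrapperService is made up for this illustration.

```powershell
# Added example (not from the article): find services that wrap another
# program through SRVANY-style Parameters values, like PasswordReset above.
# Assumption: the standard Services key location. Run from an elevated prompt.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SrvanyWrapperService {
    param([string]$Root = $ServicesRoot)

    foreach ($key in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        $svc = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        $par = Get-ItemProperty -LiteralPath (Join-Path $key.PSPath 'Parameters') `
                   -ErrorAction SilentlyContinue

        $image   = [string]$svc.ImagePath
        $app     = [string]$par.Application
        $appArgs = [string]$par.AppParameters
        # AppParameters can hold a clear-text password (as in this article),
        # so only a yes/no result is reported, never the value itself.
        $runsNetUser = $appArgs -match '\bnet(1|\.exe)?\s+user\b'

        $reasons = @()
        if ($image -match 'srvany')              { $reasons += 'ImagePath is SRVANY' }
        if ($app -match '(cmd|powershell)\.exe') { $reasons += 'Application is a command shell' }
        if ($runsNetUser)                        { $reasons += 'AppParameters runs net user' }
        if ($reasons.Count -eq 0) { continue }

        New-Object PSObject -Property @{
            Service     = $key.PSChildName
            ImagePath   = $image
            Application = $app
            RunsNetUser = $runsNetUser
            AutoStart   = ([int]$svc.Start -eq 2)              # 2 = Automatic
            Interactive = (([int]$svc.Type -band 0x100) -ne 0) # interact with desktop
            Reasons     = ($reasons -join '; ')
        }
    }
}

# Usage: list every match with the reasons it was flagged.
Get-SrvanyWrapperService |
    Select-Object Service, Reasons, AutoStart, Interactive, ImagePath, Application |
    Format-List
```

If PasswordReset still appears in the output after the cleanup, its registry key, including the AppParameters value that contains the new password, has not been removed yet.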
See you in another article.