

Resetting Domain Admin Password for Windows Server 2003/2008

I think it is a fairly common occurrence these days that IT administrators forget the password of a Domain Controller after they have got back from a vacation, or that the previous system admin has left without leaving the server password.

Now, let's be perfectly clear about this scenario. You really should have a site manual secured away to prevent this type of thing happening in the first place. You really should have set up a Directory Services Restore Mode password and documentation. You really should contact Microsoft Support to see if they can provide assistance. But the scenario being discussed here is when none of those "really should" have worked, and your own server must be reset in order to use it.

Let's also be perfectly clear that this process really is a last-ditch attempt, is not supported, and could be fatal to your system. On that note, by following this article, you agree to have read the DISCLAIMER at the bottom of the page, and if you haven't, please do so now.

There are a lot of different utilities available on the web, some open source and some paid, and it can get a bit confusing when deciding which one to go with.

There is one utility that you can rely on, and believe me it works on all Windows OS from Windows NT to Windows 7, in both 32-bit and 64-bit versions. It is called "Offline NT Password and Registry Editor" and can be FOUND HERE (http://home.eunet.no/pnordahl/ntpasswd/). Once you have downloaded the ISO image, burn it to a CD-ROM and then boot the server off it.

Recovering the password for a DC is a 2-step procedure.

Before proceeding, make sure that you have unplugged the network cable from the server. This is purely for security reasons.

Step 1 -

a) Boot the server off the "Offline NT Password and Registry Editor" disk.
b) Once your system has booted, you will be prompted with the list of NTFS partitions found on the server. Press 'a' to see the list of all the partitions.
c) Choose your Windows partition. Remember that since it is a Linux disk you will see the partitions in the format /dev/sda1, /dev/sda2 etc., so do not worry.
d) In my case I pressed '1' and hit ENTER to mount my Windows NTFS partition.
e) At this stage it will warn you saying that there has been a dirty shutdown detected with a warning. Accept it at your own risk (I personally never had any problems with it). Press 'y' to force the mount.
f) Next it will ask you to point it to the path to the registry directory, just choose the default, unless you made changes to this directory.
g) Now you will be prompted to load registry for SAM SYSTEM SECURITY or RecoverConsole Parameters. Choose the first option.
h) In the "Password or Registry Edit" screen choose option 1 - "Edit User Data and Passwords". You will now be displayed a list of usernames.
i) Choose from the list of usernames or hit ENTER to choose the default Administrator Username.
j) Choose option 1 - Clear (blank) user password. It will now say password has been Cleared. Do not restart the server as we are not done yet :)
k) Now press 'q' or '!' to quit out of editing username and passwords.
l) VERY IMPORTANT - Press 'q' once more and you will be notified that the SAM HIVE has changed and asked whether you want to write back the changes. Type 'y' and hit ENTER.
m) Now you can restart the server by just using Ctrl + Alt + Del or a Hard reboot.

REMEMBER - What we have done in this step is reset the DIRECTORY SERVICES RESTORE MODE password and not the DOMAIN ADMIN password. This will only allow you access to the server from DSRM. We will learn how to reset the domain admin password in STEP 2.

Step 2 -

a) REBOOT your server, but while it is booting up keep tapping the F8 key. You will now see a screen with advanced boot options. Here choose DIRECTORY SERVICES RESTORE MODE and hit ENTER.
b) Now when you get the LOGIN PROMPT, remember and this is very important, you want to login as the local admin on the server so your username should be SERVERNAME\Administrator and not DOMAIN.LOCAL\Administrator. Replace the SERVERNAME with your server's name.
c) So in the username type SERVERNAME\Administrator and leave the password field blank and hit ENTER.
d) Congratulations, you are now logged into your server, but what you still need to do is RESET your domain admin password and unfortunately this cannot be done from this mode, but we will use a little trick to create a new service in windows which will reset the domain admin password on the next reboot of the server.

The instructions from here on are explained very well in step 1 of a page on Mr. Petri's website, so I suggest you go to http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm rather than have me repeat the same thing.

This is it!! You have successfully reset your own server.
This article was first published by myself on my website, Confatech IT Knowledgebase. To see the updated version of this article, visit http://www.confatech.com/windows-server-2008/forgot-domain-admin-password-server2008


This article has been written for informational purpose only and any potential misuse or abuse of it will not be the liability of the author.
Improper use of this tool can also render the system unbootable and hence proper care should be taken when using this tool.
Users are also advised to read the instructions provided by the author of the program before using it (http://pogostick.net/~pnh/ntpasswd/).


Author Comment

Hi stone5150,

"I think it is a fairly common occurrence these days that IT Administrators forget the password of a Domain Controller after they have got back from a vacation OR there has just been a situation where the previous system admin has left without leaving the Server Password"

Okay agreed, only morons will not do documentation but there are still a few people like that. Some people who are still very new to Windows Server environments. You may not have come across this but I have - some small businesses also have employees who think they are an IT WIZ and they set up their own servers and after a while end up losing their password and then getting us there to help them reset it.

If you wanna do a quick search on EE/Google with keywords "Forgot Domain Admin Password". I bet you will get the answer to your question. I have read questions where people have said their IT guy left a while ago and the server passwords are not working OR we had this server setup by this IT Company a while ago and they are no longer in business. There are 100s of questions like this being asked on an every day basis. Maybe I should have explained it well.

My focus in this article was to show people how to use this "Offline NT Password and Registry Editor" tool. Maybe you are right, I should try and do some screenshots and make some of my own additions instead of giving a link to Petri's article. Will that make you happy??

Your comments..

PS: It would be better to make your future comments private.

Expert Comment

This Article should not have been published on Experts-Exchange.

In the first place, what is described here (and many other legitimate places on the Internet) is NOT "resetting" the password.

It is CHANGING the password. The ramifications of taking this inadvisable action are many and varied - but at the least you should expect that any number of "Services" will begin to fail.

I am really sorry to see this type of information presented on these pages.

Author Comment

"It is CHANGING the password. The ramifications of taking this inadvisable action are many and varied - but at the least you should expect that any number of "Services" will begin to fail."

I disagree with you. Most Services are set to use SYSTEM ACCOUNT or NETWORK SERVICE account credentials unless otherwise changed. This utility just changes the password for the DIRECTORY SERVICES RESTORE mode and from then on we go about changing the system admin password by creating a Windows service. I do not see why you are so upset about this. I have used it at least 50 times and never had any problems whatsoever.


Expert Comment

It is unfortunate that you don't even understand the ramifications of what you are doing - regardless of how many times you claim to have used it.

Rather than get in a contentious debate, I will simply unsubscribe and let others offer their thoughts.

Author Comment


First of all, you are entitled to your own opinion.

Secondly, in terms of using it, obviously it is something that one will use as a last resort when all other avenues have been exhausted.

Thirdly, I do agree there is a risk involved if you are not familiar with how Server 2003 works or how this tool works. Hence the Disclaimer at the bottom of the page.

Fourthly - When you have no access to your system whatsoever because of not knowing the password, it is highly unlikely that you could do any more damage to it.  Based on your comment, I see the need to add to this article that the user must do a backup with GHOST or ACRONIS before proceeding.

Expert Comment

by:Bob Stone

Expert Comment

Man, I would be really careful with changing the domain admin password.....

it seems like finding another account with domain admin rights and then adding another account would be smarter....

who knows how much code or what has that password hardcoded into it

the article is helpful with how to get into DSRM
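
The disagreement in the comments above turns on what else on the server depends on the Administrator password. As an added example that is not part of the article or the thread, the PowerShell below lists the services and scheduled tasks that log on as a given account, so their stored credentials can be updated after the password changes. It assumes PowerShell 2.0 or later, English-locale `schtasks.exe` column names and a local administrator session; the function names `Get-ShortName` and `Get-StoredCredentialUse` are hypothetical.

```powershell
# Added example, not from the article or thread. Assumes PowerShell 2.0 or later,
# English-locale schtasks.exe column names, and a local administrator session.
function Get-ShortName([string]$Logon) {
    # 'DOMAIN\user', '.\user' and 'user@domain.local' all reduce to 'user'.
    return $Logon.Split('\')[-1].Split('@')[0]
}

function Get-StoredCredentialUse {   # hypothetical name
    param([string]$AccountName = 'Administrator')

    # Services: Win32_Service.StartName is the logon account. LocalSystem and the
    # NT AUTHORITY identities never match, since they are not named user accounts.
    $services = @(Get-WmiObject -Class Win32_Service |
        Where-Object { $_.StartName -and
                       (Get-ShortName ($_.StartName)) -eq $AccountName } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Kind = 'Service'; Name = $_.Name; RunsAs = $_.StartName
                Detail = "$($_.StartMode), $($_.State)"
            }
        })

    # Scheduled tasks: the verbose CSV output has a 'Run As User' column. Some
    # schtasks versions repeat the header row in the output, so drop those rows.
    $tasks = @(schtasks.exe /query /fo csv /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Run As User' -and
                       (Get-ShortName ($_.'Run As User')) -eq $AccountName } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Kind = 'Task'; Name = $_.TaskName; RunsAs = $_.'Run As User'
                Detail = $_.'Task To Run'
            }
        } | Sort-Object Name -Unique)

    # Each item returned stores credentials for the account and must be given
    # the new password, or it fails at its next start or run.
    $services + $tasks | Select-Object Kind, Name, RunsAs, Detail
}

Get-StoredCredentialUse -AccountName 'Administrator' | Format-Table -AutoSize
```

An empty result supports the view that the services run under SYSTEM or NETWORK SERVICE; it does not cover passwords hardcoded in scripts or applications, which have to be found separately.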
