Resetting Domain Admin Password for Windows Server 2003/2008

I think it is a fairly common occurrence these days that IT administrators forget the password of a Domain Controller after getting back from a vacation, or that the previous system admin has left without leaving the server password.

Now, let's be perfectly clear about this scenario. You really should have a site manual secured away to prevent this type of thing happening in the first place. You really should have set up a Directory Services Restore Mode password and documentation. You really should contact Microsoft Support to see if they can provide assistance. But the scenario being discussed here is when none of those "really should" have worked, and your own server must be reset in order to use it.

Let's also be perfectly clear that this process really is a last-ditch attempt, is not supported, and could be fatal to your system. On that note, by following this article, you agree to have read the DISCLAIMER at the bottom of the page, and if you haven't, please do so now.

There are a lot of different utilities available on the web, some open source and some paid, and it can get a bit confusing when deciding which one to go with.

There is one utility that you can rely on, and believe me, it works on all Windows OS versions from Windows NT to Windows 7, in both 32-bit and 64-bit editions. It is called "Offline NT Password and Registry Editor" and can be FOUND HERE (http://home.eunet.no/pnordahl/ntpasswd/). Once you have downloaded the ISO image, burn it to a CD-ROM and then boot the server off it.

Recovering the password for a DC is a 2-step procedure.

Before proceeding, make sure that you have unplugged the network cable from the server. This is purely for security reasons.

Step 1 -

a) Boot the server off the "Offline NT Password and Registry Editor" disk.
b) Once your system has booted, you will be prompted with the list of NTFS partitions found on the server. Press 'a' to see the list of all the partitions.
c) Choose your Windows partition. Remember that since it is a Linux disk, you will see the partitions in the format /dev/sda1, /dev/sda2, etc., so do not worry.
d) In my case I pressed '1' and hit ENTER to mount my Windows NTFS partition.
e) At this stage it will warn you that a dirty shutdown has been detected. Accept it at your own risk (I personally never had any problems with it). Press 'y' to force the mount.
f) Next it will ask you for the path to the registry directory. Just choose the default, unless you made changes to this directory.
g) Now you will be prompted to load the registry for SAM SYSTEM SECURITY or RecoveryConsole parameters. Choose the first option.
h) In the "Password or Registry Edit" screen choose option 1 - "Edit User Data and Passwords". A list of usernames will now be displayed.
i) Choose from the list of usernames or hit ENTER to choose the default Administrator Username.
j) Choose option 1 - Clear (blank) user password. It will now say password has been Cleared. Do not restart the server as we are not done yet :)
k) Now press 'q' or '!' to quit out of editing username and passwords.
l) VERY IMPORTANT - Press 'q' once more. You will be notified that the SAM HIVE has changed and asked whether you want to write back the changes. Type 'y' and hit ENTER.
m) Now you can restart the server by just using Ctrl + Alt + Del or a Hard reboot.

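REMEMBER - In this step we have only reset the DIRECTORY SERVICES RESTORE MODE (DSRM) password, not the DOMAIN ADMIN password. On a Domain Controller the SAM hive holds only the local Administrator account used for DSRM; domain accounts are stored in the Active Directory database, not in the SAM hive edited here. The blank password will therefore only allow you access to the server from DSRM. We will learn how to reset the domain admin password in STEP 2.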

Step 2 -

a) REBOOT your server, and while it is booting up keep tapping the F8 key. You will now see a screen with advanced boot options. Here choose DIRECTORY SERVICES RESTORE MODE and hit ENTER.
b) When you get the LOGIN PROMPT, remember, and this is very important, that you want to log in as the local admin on the server, so your username should be SERVERNAME\Administrator and not DOMAIN.LOCAL\Administrator. Replace SERVERNAME with your server's name.
c) So in the username field type SERVERNAME\Administrator, leave the password field blank and hit ENTER.
d) Congratulations, you are now logged into your server. You still need to RESET your domain admin password, and unfortunately this cannot be done from this mode. Instead, we will use a little trick: create a new service in Windows which will reset the domain admin password on the next reboot of the server.

The instructions from here on are explained very well in step 1 of a page on Mr. Petri's website, so rather than repeat the same thing I suggest you go here: http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

This is it!! You have successfully reset your own server.
This article was first published by myself on my website, Confatech IT Knowledgebase. To see the updated version of this article, visit http://www.confatech.com/windows-server-2008/forgot-domain-admin-password-server2008


This article has been written for informational purposes only, and any potential misuse or abuse of it will not be the liability of the author.
Improper use of this tool can also render the system unbootable, and hence proper care should be taken when using this tool.
Users are also advised to read the instructions provided by the author of the program before using it (http://pogostick.net/~pnh/ntpasswd/).
