Solved

Domain Controller Password is Lost...

Posted on 2007-11-14
5
938 Views
Last Modified: 2012-08-14
Hi friends !

Before five days,  I implemented Domain and my Root Domain Controller named RDC.xxx.ac.rw. The Operating System is Windows Server 2003 Enterprise Edition. I created some Domain User Accounts and Domain Computer Accounts.

There is no Additional Domain Controller (ADC) and I didn't give Domain Administrators/Schema Administrators/Enterprise Administrators group membership to any other user. The only user who has membership in these three groups is Administrator@xxx.ac.rw which is by default. The backup is three days old and after that backup, I created some more Domain User and Domain Computer Accounts.

Now, the problem is that, all the IT Professionals know this password and someone changed it and now I don't know who has done it. Now I am not able to logon to domain and even I can't add more Users and Computers to domain.

I know it is a big mistake to give this password to all IT Professionals. It is always not fair to trust all. Even If I had created an another user with Enterprise Administrator Rights, I had overcome with this problem. But I missed to do it.

Is there any solution to recover that password or as I am assuming, I will have to do my work from scretch. Because if I use my backup, it is three days old.

If you have faced the same problem or if you have any solution in this regard, please help me.

Regards,

Hemant
0
Comment
Question by:JatinHemant
  • 2
  • 2
5 Comments
 
LVL 27

Accepted Solution

by:
michko earned 300 total points
ID: 20281195
You can give the method here a try.  I haven't (had) to use it myself, but I know their reset procedures for local pc administrator work:
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
0
 
LVL 10

Assisted Solution

by:abraham808
abraham808 earned 200 total points
ID: 20281277
0
 
LVL 27

Assisted Solution

by:michko
michko earned 300 total points
ID: 20281426
@abraham808 - No need for duplicate suggestions.  You posted the exact same link as given in my post.  
0
 
LVL 10

Assisted Solution

by:abraham808
abraham808 earned 200 total points
ID: 20281717
yeah thanks.  i was looking for an answer, and you posted before I did.

But back to the real problem.  

Hemant,

Can you create a new user?  Place it in Domain Admins?  I'm not sure if you can.  But try that.

You should never use the default Administrator Account.  You should rename it and put the password in a sealed envelope. It should only be opened in case of emergency (like this).

 You should create an account for yourself (if you are an administrator) and place that account in Domain Admins.  

Hope that helps.

0
 

Author Comment

by:JatinHemant
ID: 20396629
Thanks for your comments...

Well...in my case, I have not created any other user or an user account for myself as domain administrator. But I will take precaution in future.

For now, I restored the ADBackup and now it is OK. Though I have lost some new changes but it's Ok as I managed to get Winternal's ERD Commander CD but it was too late.

And thanks for the links provided by you. I have read them but not completely. But I will soon apply them on test machines.

Regards,

Hemant

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Create a managed service account 2 33
Map drive based on local server 5 35
Why would someone make a DC a member of the administrator's group 6 40
AD Sites/AD Replication 11 30
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question