Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Domain Controller Password is Lost...

Posted on 2007-11-14
5
Medium Priority
?
954 Views
Last Modified: 2012-08-14
Hi friends !

Before five days,  I implemented Domain and my Root Domain Controller named RDC.xxx.ac.rw. The Operating System is Windows Server 2003 Enterprise Edition. I created some Domain User Accounts and Domain Computer Accounts.

There is no Additional Domain Controller (ADC) and I didn't give Domain Administrators/Schema Administrators/Enterprise Administrators group membership to any other user. The only user who has membership in these three groups is Administrator@xxx.ac.rw which is by default. The backup is three days old and after that backup, I created some more Domain User and Domain Computer Accounts.

Now, the problem is that, all the IT Professionals know this password and someone changed it and now I don't know who has done it. Now I am not able to logon to domain and even I can't add more Users and Computers to domain.

I know it is a big mistake to give this password to all IT Professionals. It is always not fair to trust all. Even If I had created an another user with Enterprise Administrator Rights, I had overcome with this problem. But I missed to do it.

Is there any solution to recover that password or as I am assuming, I will have to do my work from scretch. Because if I use my backup, it is three days old.

If you have faced the same problem or if you have any solution in this regard, please help me.

Regards,

Hemant
0
Comment
Question by:JatinHemant
  • 2
  • 2
5 Comments
 
LVL 27

Accepted Solution

by:
michko earned 900 total points
ID: 20281195
You can give the method here a try.  I haven't (had) to use it myself, but I know their reset procedures for local pc administrator work:
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
0
 
LVL 10

Assisted Solution

by:abraham808
abraham808 earned 600 total points
ID: 20281277
0
 
LVL 27

Assisted Solution

by:michko
michko earned 900 total points
ID: 20281426
@abraham808 - No need for duplicate suggestions.  You posted the exact same link as given in my post.  
0
 
LVL 10

Assisted Solution

by:abraham808
abraham808 earned 600 total points
ID: 20281717
yeah thanks.  i was looking for an answer, and you posted before I did.

But back to the real problem.  

Hemant,

Can you create a new user?  Place it in Domain Admins?  I'm not sure if you can.  But try that.

You should never use the default Administrator Account.  You should rename it and put the password in a sealed envelope. It should only be opened in case of emergency (like this).

 You should create an account for yourself (if you are an administrator) and place that account in Domain Admins.  

Hope that helps.

0
 

Author Comment

by:JatinHemant
ID: 20396629
Thanks for your comments...

Well...in my case, I have not created any other user or an user account for myself as domain administrator. But I will take precaution in future.

For now, I restored the ADBackup and now it is OK. Though I have lost some new changes but it's Ok as I managed to get Winternal's ERD Commander CD but it was too late.

And thanks for the links provided by you. I have read them but not completely. But I will soon apply them on test machines.

Regards,

Hemant

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question