Solved

Domain Controller Password is Lost...

Posted on 2007-11-14
5
934 Views
Last Modified: 2012-08-14
Hi friends !

Before five days,  I implemented Domain and my Root Domain Controller named RDC.xxx.ac.rw. The Operating System is Windows Server 2003 Enterprise Edition. I created some Domain User Accounts and Domain Computer Accounts.

There is no Additional Domain Controller (ADC) and I didn't give Domain Administrators/Schema Administrators/Enterprise Administrators group membership to any other user. The only user who has membership in these three groups is Administrator@xxx.ac.rw which is by default. The backup is three days old and after that backup, I created some more Domain User and Domain Computer Accounts.

Now, the problem is that, all the IT Professionals know this password and someone changed it and now I don't know who has done it. Now I am not able to logon to domain and even I can't add more Users and Computers to domain.

I know it is a big mistake to give this password to all IT Professionals. It is always not fair to trust all. Even If I had created an another user with Enterprise Administrator Rights, I had overcome with this problem. But I missed to do it.

Is there any solution to recover that password or as I am assuming, I will have to do my work from scretch. Because if I use my backup, it is three days old.

If you have faced the same problem or if you have any solution in this regard, please help me.

Regards,

Hemant
0
Comment
Question by:JatinHemant
  • 2
  • 2
5 Comments
 
LVL 27

Accepted Solution

by:
michko earned 300 total points
ID: 20281195
You can give the method here a try.  I haven't (had) to use it myself, but I know their reset procedures for local pc administrator work:
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
0
 
LVL 10

Assisted Solution

by:abraham808
abraham808 earned 200 total points
ID: 20281277
0
 
LVL 27

Assisted Solution

by:michko
michko earned 300 total points
ID: 20281426
@abraham808 - No need for duplicate suggestions.  You posted the exact same link as given in my post.  
0
 
LVL 10

Assisted Solution

by:abraham808
abraham808 earned 200 total points
ID: 20281717
yeah thanks.  i was looking for an answer, and you posted before I did.

But back to the real problem.  

Hemant,

Can you create a new user?  Place it in Domain Admins?  I'm not sure if you can.  But try that.

You should never use the default Administrator Account.  You should rename it and put the password in a sealed envelope. It should only be opened in case of emergency (like this).

 You should create an account for yourself (if you are an administrator) and place that account in Domain Admins.  

Hope that helps.

0
 

Author Comment

by:JatinHemant
ID: 20396629
Thanks for your comments...

Well...in my case, I have not created any other user or an user account for myself as domain administrator. But I will take precaution in future.

For now, I restored the ADBackup and now it is OK. Though I have lost some new changes but it's Ok as I managed to get Winternal's ERD Commander CD but it was too late.

And thanks for the links provided by you. I have read them but not completely. But I will soon apply them on test machines.

Regards,

Hemant

0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now