Domain Controller Password is Lost...

Posted on 2007-11-14
Medium Priority
Last Modified: 2012-08-14
Hi friends !

Before five days,  I implemented Domain and my Root Domain Controller named RDC.xxx.ac.rw. The Operating System is Windows Server 2003 Enterprise Edition. I created some Domain User Accounts and Domain Computer Accounts.

There is no Additional Domain Controller (ADC) and I didn't give Domain Administrators/Schema Administrators/Enterprise Administrators group membership to any other user. The only user who has membership in these three groups is Administrator@xxx.ac.rw which is by default. The backup is three days old and after that backup, I created some more Domain User and Domain Computer Accounts.

Now, the problem is that, all the IT Professionals know this password and someone changed it and now I don't know who has done it. Now I am not able to logon to domain and even I can't add more Users and Computers to domain.

I know it is a big mistake to give this password to all IT Professionals. It is always not fair to trust all. Even If I had created an another user with Enterprise Administrator Rights, I had overcome with this problem. But I missed to do it.

Is there any solution to recover that password or as I am assuming, I will have to do my work from scretch. Because if I use my backup, it is three days old.

If you have faced the same problem or if you have any solution in this regard, please help me.


Question by:JatinHemant
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 27

Accepted Solution

michko earned 900 total points
ID: 20281195
You can give the method here a try.  I haven't (had) to use it myself, but I know their reset procedures for local pc administrator work:
LVL 10

Assisted Solution

abraham808 earned 600 total points
ID: 20281277
LVL 27

Assisted Solution

michko earned 900 total points
ID: 20281426
@abraham808 - No need for duplicate suggestions.  You posted the exact same link as given in my post.  
LVL 10

Assisted Solution

abraham808 earned 600 total points
ID: 20281717
yeah thanks.  i was looking for an answer, and you posted before I did.

But back to the real problem.  


Can you create a new user?  Place it in Domain Admins?  I'm not sure if you can.  But try that.

You should never use the default Administrator Account.  You should rename it and put the password in a sealed envelope. It should only be opened in case of emergency (like this).

 You should create an account for yourself (if you are an administrator) and place that account in Domain Admins.  

Hope that helps.


Author Comment

ID: 20396629
Thanks for your comments...

Well...in my case, I have not created any other user or an user account for myself as domain administrator. But I will take precaution in future.

For now, I restored the ADBackup and now it is OK. Though I have lost some new changes but it's Ok as I managed to get Winternal's ERD Commander CD but it was too late.

And thanks for the links provided by you. I have read them but not completely. But I will soon apply them on test machines.




Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question