• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4647
  • Last Modified:

Can't Change Administrator Password

We recently installed server 2008 and decided to test it as a replacement for our old
domain controller.
My colleague decided that it would be a wise idea to change our domain administrator
password, which it was. He went to active directory and reset the password instead of
pressing ctrl, alt, delete and changing it there.

Doing that has caused a problem, we can't change the password anymore, if I press
ctrl, alt and delete and try to change the password then it simply gives an error.

Is there any way to reset the password or rectify the problem?

Thanks in advance
  • 2
  • 2
  • 2
  • +1
1 Solution
Are you unable to enter a password of your choice or is it the case as suggested by the message you display here that you have entered a password it just does not meet the domain requirements on complexity?

GenasysTechnologiesIT ManagerAuthor Commented:
it does not accept the password i have entered.
i disabled the password complexity requirements on the domain.
i've tried 11 character password using capitals, lower case, numerics and symbols so even if it was still enabled, it should have accepted it.
I don't know if this works on server 2008, but I've used this utility successfully in the past.
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

The above utility is to set a local account admin password.  I'm not sure if your domain admin account is not local for the machine.  In reading over your original post, that might not be what you are after.
ok you have disabled the complexity requirements in the domain, did you do the same for the 'Domain Controller Security Policy' I would check both and look at password length as well to be sure.

Has to be one of those
Umm I don't think disabling something what is here for your protection is a good idea.
Complexity requirements mean this:
We have 4 categories of charactes:
- Uppercase letters
- Lowercase letters
- Numbers
- Special characters
Tha password meets complexity requirements if it contains at least 3 out of 4 of these categories, have apropriate length and doesn't contain even a part of your username in password.
Just take some phrase like "I'm trying my brand new windows 2008 server" and generate a passphrase from this, eg: I'mtmbnW2k8Serv"...very nice password, not difficult to remember.
But if you still want to use some unsafe password, yes you have to modify the Default Domain Controllers Policy. Also check if there's another policy linked to Domain Controllers OU, such specific account and password policy.
GenasysTechnologiesIT ManagerAuthor Commented:
Our main problem was that even though we met the policy requirements set
Server still rejected our request.

We found a solution to our problem.
We went to the Group Policy Management Snapin
Selected the default domain controllers policy and default domain policy
under our domain.
We then removed all the policy rules and used "gpupdate /force" to force all
the policy's in place.
We then re-added the policy's the way we wanted them and set the password
rules and then used "gpupdate /force" again.

That solved the problem.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now