• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 219
  • Last Modified:

Change Default Domain Administrator password in Active Directory 2003

Hi all,

Is it good practice to change Default domain administrator password for every 6 months for security purpose. If yes, will it affect to all service accounts and how to know those service accounts? Thanks for help.
  • 2
2 Solutions
For Best practice you only use the domain administrator account to do administrative tasks on your Domain Controller in the beginning. Like after creating the domain making your Admin account (under your name) and adding it to the domain admins group.
Otherwise it is best to touch it as little as possible.
When you haven't defined anything with the administrator account you can easily change the password every 6 months.
Try it for a few days but keep the old password in mind in case you need to change it back if the impact is to big.
TechknownAuthor Commented:
Thanks NocturnalCarpa,

The reason I want to change the password because it is possible someone knows it. It has been used for more than year without reset it. So agian it will affect some services if those depends on Domain Administrator account.
What I recommend is to define those services (be default there are none), then create an account for those services and give it a password that is very hard to remember. Save that password in something like keepass so you only need to consult it when you need it.
In that way services keep running and the administrator account can be changed every 6 months or even quicker.

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now