Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Changing AD Admin password

Posted on 2011-05-03
5
Medium Priority
?
309 Views
Last Modified: 2012-05-11
Hi Experts,

I'm planning to change the password of the main user on  Windows Server 2003 who's also an Administrator.

I want to be careful not to break anything... I checked the services.msc, and it seems that there aren't any services that are specifically using that account.

What things should I watch out for? How can I be sure nothing breaks?

Please advise.
0
Comment
Question by:Kaptain1
  • 2
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35515969
Is this a domain account or local to that box.  Could that account be used for services on other machines?  You want to check that too.  

Thanks

Mike
0
 
LVL 1

Author Comment

by:Kaptain1
ID: 35516030
Well, the server is a DC, but it's not replicating with any other servers. I believe it's a Domain account (since it's set-up in AD?).

I don't think that other machines are using that account - what would be the best way to check?
0
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 35516497
I would completely disable the integrated Administrator account after creating a copy account from it. The SID of the administrator is well known and can serve as entry point for an attack. By creating a copy of it, you will retain all its permissions eliminating the danger of brut force attack.

However, you need to verify if it not used on other servers too. Being a DC, the local Administrator account is actually a domain administrator, so it could be used by services on other servers. On other hand, there is no software that will use it without asking during the installation, so if you know your network, there is no danger of disabling or changing its password.  
0
 
LVL 1

Author Comment

by:Kaptain1
ID: 35517496
Yes, the main account name is not Administrator, but it has Administrator privileges.

Is there any other way I can check/predict possible issues with changing the main account's password?

Thanks
0
 
LVL 20

Accepted Solution

by:
Svet Paperov earned 2000 total points
ID: 35517733
If you have auditing enabled on the DC and the member servers you could see some logs in the secuty events.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question