Changing AD Admin password

Posted on 2011-05-03
Last Modified: 2012-05-11
Hi Experts,

I'm planning to change the password of the main user on  Windows Server 2003 who's also an Administrator.

I want to be careful not to break anything... I checked the services.msc, and it seems that there aren't any services that are specifically using that account.

What things should I watch out for? How can I be sure nothing breaks?

Please advise.
Question by:Kaptain1
    LVL 57

    Expert Comment

    by:Mike Kline
    Is this a domain account or local to that box.  Could that account be used for services on other machines?  You want to check that too.  


    LVL 1

    Author Comment

    Well, the server is a DC, but it's not replicating with any other servers. I believe it's a Domain account (since it's set-up in AD?).

    I don't think that other machines are using that account - what would be the best way to check?
    LVL 20

    Expert Comment

    by:Svet Paperov
    I would completely disable the integrated Administrator account after creating a copy account from it. The SID of the administrator is well known and can serve as entry point for an attack. By creating a copy of it, you will retain all its permissions eliminating the danger of brut force attack.

    However, you need to verify if it not used on other servers too. Being a DC, the local Administrator account is actually a domain administrator, so it could be used by services on other servers. On other hand, there is no software that will use it without asking during the installation, so if you know your network, there is no danger of disabling or changing its password.  
    LVL 1

    Author Comment

    Yes, the main account name is not Administrator, but it has Administrator privileges.

    Is there any other way I can check/predict possible issues with changing the main account's password?

    LVL 20

    Accepted Solution

    If you have auditing enabled on the DC and the member servers you could see some logs in the secuty events.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now