Solved

Admin Password

Posted on 2011-09-02
8
286 Views
Last Modified: 2012-05-12
I recently had a sysadmin quit. To be safe I want to reset the Domain Administrator password with as little fuss as possible. Is there a very simple procedure for this - i.e. select administrator account in AD and change password or are there other considerations?

Thanks
0
Comment
Question by:gwg80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36473431
The biggest consideration here is if the account is used for any services.  If it is you will have to update the password on the services too.    Other than that you should be ok and this is best practice for security reasons.

Thanks

Mike
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36473489
Services shouldn't run under user accounts, for this sort of reason. The only thing you can do is make sure everything keeps running smoothly when you make the change.

but anyhow if you know which services use the admin account, create a dedicated account(s) for those services, make sure they run OK using the new credentials and then change the admin password.

Check the Password Policies for Windows Active Directory.
http://www.my-pcgeek.com/wordpress/?p=93

Regards,
Abhijitw.
0
 
LVL 6

Expert Comment

by:c1nmo
ID: 36477174
It could be used within applications as well as services e.g. ftp server to connect to AD.  Depends how big your company is, number of systems/services.  If the person is leaving the company you could disable remote access for this domain admin account?  If he was worth his salt he wouldn't have used this account!
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 24

Accepted Solution

by:
Awinish earned 500 total points
ID: 36480880
You can make use of below article to scan the account used for service or not & then reset the password. Mostly, i have seen people configured domain admin for SQL service.

http://adventuresofanitpro.blogspot.com/2007/12/script-to-audit-service-accounts.html
http://community.spiceworks.com/scripts/show/74-search-for-service-account
0
 

Author Comment

by:gwg80
ID: 36485119
99% of all services have Local System or Local Service listed as Log On. Does this impact anything?
0
 
LVL 24

Expert Comment

by:Awinish
ID: 36485149
Nope,you are good to go.

0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36498691
99% of all services have Local System or Local Service
That is fine, No imapct but what about 1%?  

As suggested, if anyone uses admin or other account, create a dedicated account(s) for those services, make sure they run OK using the new credentials and then change the admin password.

Regards,
AbhiijitW.
0
 

Author Closing Comment

by:gwg80
ID: 36540367
Went off without a hitch.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question