Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Admin Password

Posted on 2011-09-02
8
Medium Priority
?
304 Views
Last Modified: 2012-05-12
I recently had a sysadmin quit. To be safe I want to reset the Domain Administrator password with as little fuss as possible. Is there a very simple procedure for this - i.e. select administrator account in AD and change password or are there other considerations?

Thanks
0
Comment
Question by:gwg80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36473431
The biggest consideration here is if the account is used for any services.  If it is you will have to update the password on the services too.    Other than that you should be ok and this is best practice for security reasons.

Thanks

Mike
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36473489
Services shouldn't run under user accounts, for this sort of reason. The only thing you can do is make sure everything keeps running smoothly when you make the change.

but anyhow if you know which services use the admin account, create a dedicated account(s) for those services, make sure they run OK using the new credentials and then change the admin password.

Check the Password Policies for Windows Active Directory.
http://www.my-pcgeek.com/wordpress/?p=93

Regards,
Abhijitw.
0
 
LVL 6

Expert Comment

by:c1nmo
ID: 36477174
It could be used within applications as well as services e.g. ftp server to connect to AD.  Depends how big your company is, number of systems/services.  If the person is leaving the company you could disable remote access for this domain admin account?  If he was worth his salt he wouldn't have used this account!
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 24

Accepted Solution

by:
Awinish earned 2000 total points
ID: 36480880
You can make use of below article to scan the account used for service or not & then reset the password. Mostly, i have seen people configured domain admin for SQL service.

http://adventuresofanitpro.blogspot.com/2007/12/script-to-audit-service-accounts.html
http://community.spiceworks.com/scripts/show/74-search-for-service-account
0
 

Author Comment

by:gwg80
ID: 36485119
99% of all services have Local System or Local Service listed as Log On. Does this impact anything?
0
 
LVL 24

Expert Comment

by:Awinish
ID: 36485149
Nope,you are good to go.

0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36498691
99% of all services have Local System or Local Service
That is fine, No imapct but what about 1%?  

As suggested, if anyone uses admin or other account, create a dedicated account(s) for those services, make sure they run OK using the new credentials and then change the admin password.

Regards,
AbhiijitW.
0
 

Author Closing Comment

by:gwg80
ID: 36540367
Went off without a hitch.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question