Solved

Admin Password

Posted on 2011-09-02
8
292 Views
Last Modified: 2012-05-12
I recently had a sysadmin quit. To be safe I want to reset the Domain Administrator password with as little fuss as possible. Is there a very simple procedure for this - i.e. select administrator account in AD and change password or are there other considerations?

Thanks
0
Comment
Question by:gwg80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36473431
The biggest consideration here is if the account is used for any services.  If it is you will have to update the password on the services too.    Other than that you should be ok and this is best practice for security reasons.

Thanks

Mike
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36473489
Services shouldn't run under user accounts, for this sort of reason. The only thing you can do is make sure everything keeps running smoothly when you make the change.

but anyhow if you know which services use the admin account, create a dedicated account(s) for those services, make sure they run OK using the new credentials and then change the admin password.

Check the Password Policies for Windows Active Directory.
http://www.my-pcgeek.com/wordpress/?p=93

Regards,
Abhijitw.
0
 
LVL 6

Expert Comment

by:c1nmo
ID: 36477174
It could be used within applications as well as services e.g. ftp server to connect to AD.  Depends how big your company is, number of systems/services.  If the person is leaving the company you could disable remote access for this domain admin account?  If he was worth his salt he wouldn't have used this account!
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 24

Accepted Solution

by:
Awinish earned 500 total points
ID: 36480880
You can make use of below article to scan the account used for service or not & then reset the password. Mostly, i have seen people configured domain admin for SQL service.

http://adventuresofanitpro.blogspot.com/2007/12/script-to-audit-service-accounts.html
http://community.spiceworks.com/scripts/show/74-search-for-service-account
0
 

Author Comment

by:gwg80
ID: 36485119
99% of all services have Local System or Local Service listed as Log On. Does this impact anything?
0
 
LVL 24

Expert Comment

by:Awinish
ID: 36485149
Nope,you are good to go.

0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36498691
99% of all services have Local System or Local Service
That is fine, No imapct but what about 1%?  

As suggested, if anyone uses admin or other account, create a dedicated account(s) for those services, make sure they run OK using the new credentials and then change the admin password.

Regards,
AbhiijitW.
0
 

Author Closing Comment

by:gwg80
ID: 36540367
Went off without a hitch.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question