Solved

Need to change Windows domain admin password

Posted on 2011-09-17
5
427 Views
Last Modified: 2012-05-12
I need to change the domain admin password, which is simple through AD, but what is the normal practice for using a username/password on scheduled tasks that are running on the many servers?  I have always just used the same domain admin password for the scheduled tasks, but would I need to go back into each task and update the password after I make the change?  Is there a better practice for using a different user/pass on the tasks, other than the domain admin?  
0
Comment
Question by:murryc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 125 total points
ID: 36555456
If you change the domain admin password,you need to change the same in schedule task.
It seems that you have different schedule task for different server if this is the case you need to change it manaully,for future you can create another domain admin user and set to password nerver expires  and you can use the same id is schedule task and don't share the credentilas with any user or admin.

The existing domain user id password can be changed anytime as per the requirement that is the dependency will be remove by creating another domain admin credential for schedule tasks.

If you have same schedule task for the multiple server you can create group policy for the same.You can create a batch file and apply the schedule task by login script/startup script
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36555641
What Sandeshdubey says is the best practice...

Additionally, if your domain functional level is 2008 R2, then it will be changed automatically -- a new feature in R2--
0
 
LVL 23

Assisted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 125 total points
ID: 36555642
0
 
LVL 6

Assisted Solution

by:Flipp
Flipp earned 125 total points
ID: 36556024
I have always had a SVC account that I use for Scheduled Tasks, but at the same time I disable the built-in administrator account for security reasons.
I would expect that the disabling part is pretty standard these days.
0
 
LVL 4

Assisted Solution

by:duffme
duffme earned 125 total points
ID: 36556123
Ditto Flipp.  Disable the default admin account (as well as Guests).  Create a new one.  Each admin should use their own; no one should be using "the" admin account.  Admin accounts are used for admin-ing.  If a person has a domain admin account they should also have a standard user account.  The user account (or a security group to which they belong) may be a local admin on their workstation.  Use service accounts for running services and scheduled tasks.  These service accounts should have privileges to do what they need to do only and should generally not have the ability to log on interactively, that is, no one can log on to a dekstop with a service account.  Some applications are written in a way that need this permission though.  Not all service accounts need to have the same rights.  Assign rights and privileges accordingly.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question