?
Solved

Domain Administrator Account renamed. Can't find it anymore

Posted on 2011-09-25
9
Medium Priority
?
1,202 Views
Last Modified: 2016-09-20
Hi Experts,

Some Company's administrator renamed the default Domain Account ADMINISTRATOR. I cannot find it anymore. There anre many users being member of Domain Admins so I can't tell which one is the default administrator.

How can I find the default domain admin account?

Tks!

Rodrigo Garcone
0
Comment
Question by:garconer
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36596796
Try to look at schema and enterprise admin groups.  
0
 

Author Comment

by:garconer
ID: 36596971
Someone messed up every admin group. Schema and Enterprise has just domain admins group as a member.

I was thinking about if there is a commom SID for every domain administrator account so I can find it using ldp.
0
 
LVL 22

Expert Comment

by:chakko
ID: 36597053
I would check the Profile location on some servers.  When the 'Administrator' account logged on to the server it should have created the profile folder named 'Adminstrator' (for example).

Renaminng the Account in AD will not result in the user profile folder being renamed,  That folder should still be named Administrator.
When you find a suitable server just logon with the other Admin accounts and check the 'Administrator' profile folder.  When have that folder as your profile location folder then you found your original Administrator account.

If you don't have too many 'Admins' then it shouldn't be too much trial-and-error work to find it.

0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 36597241
Yes you should be able to find the default admininstrator account by the objectsid attribute

http://support.microsoft.com/kb/243330

SID: S-1-5-21domain-500
Name: Administrator
Description: A user account for the system administrator. By default, it is the only user account that is

so it will have S-1-5-21 {domain identifier} - 500{rid}

That is the same in every domain, see screenshot from my built-in admin account in my lab

Thanks

Mike
builtinAdmin.jpg
0
 

Author Closing Comment

by:garconer
ID: 36597455
That answer proofs why mkline71 is the #1 in active directory session. His answers are always perfect!

Tks very much!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36598943
Not always perfect....I'm still learning everyday too...but glad to help :)
0
 

Expert Comment

by:hitchineris
ID: 41807578
I am unable to find the administrator account in my domain.  I followed Mike Kline's adfind solution above but queried for sam account name given the SID. Please see attached screen shot.
0
 

Expert Comment

by:hitchineris
ID: 41807606
0
 

Expert Comment

by:hitchineris
ID: 41807649
I just figured out that I was not using my domain in the SID.  I reran the command and found the Administrator account, which had been renamed and removed from the Administrators group.  Thanks for pointing me in the right direction!
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question