Solved

Domain Administrator Account renamed. Can't find it anymore

Posted on 2011-09-25
Last Modified: 2016-09-20
Hi Experts,

Some company's administrator renamed the default domain account ADMINISTRATOR. I cannot find it anymore. There are many users who are members of Domain Admins, so I can't tell which one is the default administrator.

How can I find the default domain admin account?

Tks!

Rodrigo Garcone
Question by:garconer
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36596796
Try to look at schema and enterprise admin groups.  
0
 

Author Comment

by:garconer
ID: 36596971
Someone messed up every admin group. Schema and Enterprise have just the Domain Admins group as a member.

I was thinking about whether there is a common SID for every domain administrator account so I can find it using ldp.
0
 
LVL 22

Expert Comment

by:chakko
ID: 36597053
I would check the profile location on some servers. When the 'Administrator' account logged on to the server, it should have created the profile folder named 'Administrator' (for example).

Renaming the account in AD will not result in the user profile folder being renamed. That folder should still be named Administrator.
When you find a suitable server, just log on with the other admin accounts and check the 'Administrator' profile folder. When you have that folder as your profile location folder, then you have found your original Administrator account.

If you don't have too many 'Admins' then it shouldn't be too much trial-and-error work to find it.

0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 36597241
Yes, you should be able to find the default administrator account by the objectSid attribute

http://support.microsoft.com/kb/243330

SID: S-1-5-21domain-500
Name: Administrator
Description: A user account for the system administrator. By default, it is the only user account that is

so it will have S-1-5-21 {domain identifier} - 500{rid}

That is the same in every domain, see screenshot from my built-in admin account in my lab

Thanks

Mike
builtinAdmin.jpg
0
 

Author Closing Comment

by:garconer
ID: 36597455
That answer proves why mkline71 is the #1 in active directory session. His answers are always perfect!

Tks very much!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36598943
Not always perfect... I'm still learning every day too... but glad to help :)
0
 

Expert Comment

by:hitchineris
ID: 41807578
I am unable to find the administrator account in my domain.  I followed Mike Kline's adfind solution above but queried for sam account name given the SID. Please see attached screen shot.
0
 

Expert Comment

by:hitchineris
ID: 41807606
0
 

Expert Comment

by:hitchineris
ID: 41807649
I just figured out that I was not using my domain in the SID.  I reran the command and found the Administrator account, which had been renamed and removed from the Administrators group.  Thanks for pointing me in the right direction!
0
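
The lookup described in the accepted answer and in hitchineris's follow-up, as an added example that is not part of the original thread: it reads the domain SID from the directory instead of typing it, appends RID 500, and reports the account's current name, state and group membership. It assumes the ActiveDirectory (RSAT) PowerShell module is installed; the function name `Get-BuiltinDomainAdministrator` and its `-Server` parameter are hypothetical.

```powershell
# Added example: find the built-in domain Administrator by its well-known RID (500).
# Assumes the ActiveDirectory module from RSAT and read access to the domain.
Import-Module ActiveDirectory

function Get-BuiltinDomainAdministrator {
    param(
        # Optional domain name or domain controller to query (hypothetical parameter).
        [string]$Server
    )

    $target = @{}
    if ($Server) { $target.Server = $Server }

    # Read the domain identifier from the directory; it is different in every
    # domain, so a SID copied from documentation or another domain will not match.
    $domainSid = (Get-ADDomain @target).DomainSID.Value
    $adminSid  = "$domainSid-500"

    # -Identity accepts a SID, so the lookup works whatever the account is named now.
    $user = Get-ADUser -Identity $adminSid @target -Properties whenChanged, LastLogonDate

    # Group names the account currently belongs to, including its primary group.
    $groups = (Get-ADPrincipalGroupMembership -Identity $user @target).Name

    # Any other account that now carries the default name is not the built-in one.
    $sameName = Get-ADUser -Filter "SamAccountName -eq 'Administrator'" @target |
        Where-Object { $_.SID.Value -ne $adminSid }

    [pscustomobject]@{
        SID               = $user.SID.Value
        SamAccountName    = $user.SamAccountName
        DistinguishedName = $user.DistinguishedName
        Renamed           = $user.SamAccountName -ne 'Administrator'
        Enabled           = $user.Enabled
        WhenChanged       = $user.whenChanged
        LastLogonDate     = $user.LastLogonDate
        Groups            = $groups -join '; '
        OtherAdministratorNamedAccount = $sameName.SID.Value -join '; '
    }
}

Get-BuiltinDomainAdministrator | Format-List
```

An empty `Groups` entry for Administrators or Domain Admins matches the situation in the last comment, where the renamed account had also been removed from the Administrators group.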
