Solved

Domain Administrator Account renamed. Can't find it anymore

Posted on 2011-09-25
9
951 Views
Last Modified: 2016-09-20
Hi Experts,

Some Company's administrator renamed the default Domain Account ADMINISTRATOR. I cannot find it anymore. There anre many users being member of Domain Admins so I can't tell which one is the default administrator.

How can I find the default domain admin account?

Tks!

Rodrigo Garcone
0
Comment
Question by:garconer
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36596796
Try to look at schema and enterprise admin groups.  
0
 

Author Comment

by:garconer
ID: 36596971
Someone messed up every admin group. Schema and Enterprise has just domain admins group as a member.

I was thinking about if there is a commom SID for every domain administrator account so I can find it using ldp.
0
 
LVL 22

Expert Comment

by:chakko
ID: 36597053
I would check the Profile location on some servers.  When the 'Administrator' account logged on to the server it should have created the profile folder named 'Adminstrator' (for example).

Renaminng the Account in AD will not result in the user profile folder being renamed,  That folder should still be named Administrator.
When you find a suitable server just logon with the other Admin accounts and check the 'Administrator' profile folder.  When have that folder as your profile location folder then you found your original Administrator account.

If you don't have too many 'Admins' then it shouldn't be too much trial-and-error work to find it.

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 36597241
Yes you should be able to find the default admininstrator account by the objectsid attribute

http://support.microsoft.com/kb/243330

SID: S-1-5-21domain-500
Name: Administrator
Description: A user account for the system administrator. By default, it is the only user account that is

so it will have S-1-5-21 {domain identifier} - 500{rid}

That is the same in every domain, see screenshot from my built-in admin account in my lab

Thanks

Mike
builtinAdmin.jpg
0
 

Author Closing Comment

by:garconer
ID: 36597455
That answer proofs why mkline71 is the #1 in active directory session. His answers are always perfect!

Tks very much!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36598943
Not always perfect....I'm still learning everyday too...but glad to help :)
0
 

Expert Comment

by:hitchineris
ID: 41807578
I am unable to find the administrator account in my domain.  I followed Mike Kline's adfind solution above but queried for sam account name given the SID. Please see attached screen shot.
0
 

Expert Comment

by:hitchineris
ID: 41807606
0
 

Expert Comment

by:hitchineris
ID: 41807649
I just figured out that I was not using my domain in the SID.  I reran the command and found the Administrator account, which had been renamed and removed from the Administrators group.  Thanks for pointing me in the right direction!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question