Solved

Domain Admin Password Recovery

Posted on 2012-12-28
Last Modified: 2013-01-18
A malicious individual somehow logged into our domain controller and changed the domain administrator password and administrator account username. Currently, we discovered what the domain admin username is but still cannot log into the domain controller. There are no domain admins. All domain admins were removed from membership. Is there a way to log into the server and not have to rebuild a new one? There is no full backup of the DC.
Question by:Randy Wake
8 Comments
 
LVL 10

Assisted Solution

by:cpmcomputers
cpmcomputers earned 167 total points
ID: 38726917
 
LVL 13

Accepted Solution

by:upalakshitha
upalakshitha earned 167 total points
ID: 38726930
 
LVL 25

Assisted Solution

by:Lionel MM
Lionel MM earned 166 total points
ID: 38729127
Make sure you disconnect the server from the network until you can regain access, because if someone has control of it your efforts can be thwarted. This is from Ultimate Boot CD (http://www.ultimatebootcd.com/): http://www.ehow.com/how_8226489_reset-password-ultimate-boot-cd.html
http://pogostick.net/~pnh/ntpasswd/
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38729153
Agreed

Also check they do not have any remote agents installed such as Kaseya, LogMeIn, etc.

If you have Microsoft RDP enabled, change it to a non-standard listening port.
(Update your firewall accordingly.)

Lionelmm - a query?

Does that work for the domain admin password or just the local admin?
I did a job like this a long while ago now
(Russian criminals hacked an SBS server).
I vaguely remember going down the route you suggest and it was OK for local server login but not domain admin - hence using the Stellar product (albeit a purchase).
Not on commission, btw :-)

Apologies if I am incorrect on this.
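A read-only audit script for the points raised in this thread (who is in Domain Admins, which remote-support agents are present, how RDP is exposed, and what account changes the Security log recorded), added here as an example and not taken from any commenter's post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, that it runs elevated on the recovered DC, and that the agent name list is a starting point to extend.

```powershell
# Added example: read-only post-compromise audit of the points raised in this thread.
# Assumes the ActiveDirectory module (RSAT) is installed and the script runs elevated on the DC.
Import-Module ActiveDirectory -ErrorAction Stop

# 1. Who is currently in Domain Admins? (thread: all members had been removed)
Write-Host "== Domain Admins membership =="
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object Name, SamAccountName, objectClass | Format-Table -AutoSize

# 2. Remote-support agents. The pattern is an assumed starting list; extend it as needed.
$agentPattern = 'Kaseya|LogMeIn|TeamViewer|AnyDesk|ScreenConnect|VNC'
Write-Host "== Services matching remote-agent names =="
Get-Service |
    Where-Object { $_.DisplayName -match $agentPattern -or $_.Name -match $agentPattern } |
    Select-Object Name, DisplayName, Status | Format-Table -AutoSize

Write-Host "== Installed programs matching remote-agent names =="
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $agentPattern } |
    Select-Object DisplayName, Publisher, InstallDate | Format-Table -AutoSize

# 3. RDP exposure: is it enabled, which port does it listen on (default 3389), is NLA required?
$ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Write-Host "== Remote Desktop =="
[pscustomobject]@{
    RdpEnabled    = ($ts.fDenyTSConnections -eq 0)
    ListeningPort = $tcp.PortNumber
    NlaRequired   = ($tcp.UserAuthentication -eq 1)
} | Format-List

# 4. Account-management events that match what happened in this thread:
#    4724 password reset, 4781 account renamed, 4728/4729 member added to / removed from a
#    global group such as Domain Admins. Requires account-management auditing to be enabled.
Write-Host "== Account-management events, last 30 days =="
Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4724, 4781, 4728, 4729; StartTime = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Run it with the server still isolated from the network, as advised above, and keep its output with the incident record before any cleanup changes the state.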
 
LVL 25

Expert Comment

by:Lionel MM
ID: 38729191
It worked on my issue several years back, and a DC (domain controller) does not have a "local admin"; you cannot log on to it other than with a domain user (domain\username). Unlike on other, non-DC servers, where you can log on locally and with a domain user. There is also another multi-boot USB I use that provides additional password cracker options, but I have not tested these (http://www.pendrivelinux.com/yumi-multiboot-usb-creator/), so if you know yours works it may be worth the cost in terms of time.
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38729225
OK, thanks.

It was some time ago that I sorted this and it was SBS 2003.
I also tried parts of this article:

http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

It seems to indicate it will work for a DC, but you do need to be able to log in with admin rights?
Hence my confusion.

I don't want the questioner paying out unnecessarily, so the other options may be worth a look.
As you say, the main thing is to ensure the bad guys do not get back in again.
 

Author Comment

by:Randy Wake
ID: 38791994
We ended up rebuilding the server and restoring data from a backup. What a nightmare! Thanks all for your recommendations and suggestions for solutions.
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38792013
Did you ever discover what caused it?