?
Solved

Unknown Administrator Password

Posted on 2013-01-22
7
Medium Priority
?
719 Views
Last Modified: 2013-01-23
Here is what is going on. I recently took over an account from another IT company. I changed the AD administrator password. It was working just fine but yesterday I had to get on the Server and the password would not work. I tried using a Linux password hack cd but could not get it to work. I went ahead and tried logging in using another users account and it logged in. I found out that almost every user had administrative rights. I went ahead and changed the administrator password again and removed administrative right for all the users. So today I needed to install two new desktops and when I went to join the domain, the password that I just changed it to yesterday no longer works. Unfortunately in trying to make things more secure, I no longer could use any of the other logins now either. I realized that the Linux CD was only changing the local administrator password so I bought Asunsoft's Windows password reset advanced software that said it could change the password for the AD administrator account. It also said it could add new users with administrator rights. The software did not work. I also bought and downloaded another program that said it could do it but no go with it either. Since I could change the local administrator password, I tried using the method from Petri's website to boot into Directory Service Restore Mode that would allow me to login with the local administrator account but even though the Linux CD said it had successfully change the password, I could not login. It seems that there is something going on with this Server that is preventing me from accessing the Administrator account. My guess is that is the reason why the previous IT company had most of the users accounts with administrative privileges. They couldn't fix the issue, so they just made sure they could still access the system. I am hoping that someone has a good suggestion as to what I can do to get the Administrator account password changed so that I can login. Or if not the administrator then how can I either add a new user to AD with administrative rights or add administrative rights to an existing user account without being in Windows.
0
Comment
Question by:BigNate99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 1500 total points
ID: 38808386
We ran into the same type of situation at a new client a few years ago. We used this utility and it worked great:

Active@ Password Changer Professional
http://www.lsoft.net/pwch.aspx
0
 

Author Comment

by:BigNate99
ID: 38808415
i remembered that most times the Linux password changer always worked best to blank the administrator password rather than changing it. I was worried about password complexity requirements but in this case it shouldn't matter. I blanked the password and was able to login while booted to Directory Services Repair Mode. I have run the solution from Petri.com and am booting Windows SBS 2003 right now to see if it works. I did notice that WinRar was set to some sort of Cyrillic language that looked Russian. I am wondering if the Server has been hacked.
0
 

Author Comment

by:BigNate99
ID: 38808435
That worked, I am in. Now to start looking for the possibility of being hacked.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:BigNate99
ID: 38810213
I've requested that this question be closed as follows:

Accepted answer: 0 points for BigNate99's comment #a38808415
Assisted answer: 500 points for TG-TIS's comment #a38808386

for the following reason:

I figured it out but I figure that TG-TIS's solution may have worked also.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38808469
Great to see you are back in :-)
Just to suggest that I had two (new) clients with not dissimilar problems
One had been hacked and after adding more than one admin account and changing all user passwords (I also particularly changed the listening port for rdp from the standard 3389) this system has been fine since
The second had a "fallout" with the previous IT company and they had added several third party plugins to both the server and LAN client pcs that allowed them to access the server  to keep resetting the accounts
(Even after I changed IP address) which at the time completely floored me
I checked for goto assist ,kassaya,logmein,ntr support,etc
Good luck with this
0
 
LVL 79

Expert Comment

by:arnold
ID: 38808481
The question is closed, the issue is less likely a hack, but possibly a GPO, scheduled task resets the admin password to a known value.
Make sure you have auditing enabled on AD resources, then look for administrator account password change events track it back to the system if not n the DC.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38809536
To close the question and award points, under my suggestion, click the green check that says Accept As Solution and click Submit at the bottom.

Glad I could provide help. Good luck in resolving your hacking problem.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question