Solved

Unknown Administrator Password

Posted on 2013-01-22
7
716 Views
Last Modified: 2013-01-23
Here is what is going on. I recently took over an account from another IT company. I changed the AD administrator password. It was working just fine but yesterday I had to get on the Server and the password would not work. I tried using a Linux password hack cd but could not get it to work. I went ahead and tried logging in using another users account and it logged in. I found out that almost every user had administrative rights. I went ahead and changed the administrator password again and removed administrative right for all the users. So today I needed to install two new desktops and when I went to join the domain, the password that I just changed it to yesterday no longer works. Unfortunately in trying to make things more secure, I no longer could use any of the other logins now either. I realized that the Linux CD was only changing the local administrator password so I bought Asunsoft's Windows password reset advanced software that said it could change the password for the AD administrator account. It also said it could add new users with administrator rights. The software did not work. I also bought and downloaded another program that said it could do it but no go with it either. Since I could change the local administrator password, I tried using the method from Petri's website to boot into Directory Service Restore Mode that would allow me to login with the local administrator account but even though the Linux CD said it had successfully change the password, I could not login. It seems that there is something going on with this Server that is preventing me from accessing the Administrator account. My guess is that is the reason why the previous IT company had most of the users accounts with administrative privileges. They couldn't fix the issue, so they just made sure they could still access the system. I am hoping that someone has a good suggestion as to what I can do to get the Administrator account password changed so that I can login. Or if not the administrator then how can I either add a new user to AD with administrative rights or add administrative rights to an existing user account without being in Windows.
0
Comment
Question by:BigNate99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 38808386
We ran into the same type of situation at a new client a few years ago. We used this utility and it worked great:

Active@ Password Changer Professional
http://www.lsoft.net/pwch.aspx
0
 

Author Comment

by:BigNate99
ID: 38808415
i remembered that most times the Linux password changer always worked best to blank the administrator password rather than changing it. I was worried about password complexity requirements but in this case it shouldn't matter. I blanked the password and was able to login while booted to Directory Services Repair Mode. I have run the solution from Petri.com and am booting Windows SBS 2003 right now to see if it works. I did notice that WinRar was set to some sort of Cyrillic language that looked Russian. I am wondering if the Server has been hacked.
0
 

Author Comment

by:BigNate99
ID: 38808435
That worked, I am in. Now to start looking for the possibility of being hacked.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:BigNate99
ID: 38810213
I've requested that this question be closed as follows:

Accepted answer: 0 points for BigNate99's comment #a38808415
Assisted answer: 500 points for TG-TIS's comment #a38808386

for the following reason:

I figured it out but I figure that TG-TIS's solution may have worked also.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38808469
Great to see you are back in :-)
Just to suggest that I had two (new) clients with not dissimilar problems
One had been hacked and after adding more than one admin account and changing all user passwords (I also particularly changed the listening port for rdp from the standard 3389) this system has been fine since
The second had a "fallout" with the previous IT company and they had added several third party plugins to both the server and LAN client pcs that allowed them to access the server  to keep resetting the accounts
(Even after I changed IP address) which at the time completely floored me
I checked for goto assist ,kassaya,logmein,ntr support,etc
Good luck with this
0
 
LVL 78

Expert Comment

by:arnold
ID: 38808481
The question is closed, the issue is less likely a hack, but possibly a GPO, scheduled task resets the admin password to a known value.
Make sure you have auditing enabled on AD resources, then look for administrator account password change events track it back to the system if not n the DC.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38809536
To close the question and award points, under my suggestion, click the green check that says Accept As Solution and click Submit at the bottom.

Glad I could provide help. Good luck in resolving your hacking problem.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question