Solved

Unknown Administrator Password

Posted on 2013-01-22
Last Modified: 2013-01-23
Here is what is going on. I recently took over an account from another IT company. I changed the AD administrator password. It was working just fine, but yesterday I had to get on the Server and the password would not work. I tried using a Linux password hack CD but could not get it to work. I went ahead and tried logging in using another user's account and it logged in. I found out that almost every user had administrative rights. I went ahead and changed the administrator password again and removed administrative rights for all the users.

So today I needed to install two new desktops, and when I went to join the domain, the password that I just changed it to yesterday no longer works. Unfortunately, in trying to make things more secure, I no longer could use any of the other logins now either. I realized that the Linux CD was only changing the local administrator password, so I bought Asunsoft's Windows password reset advanced software that said it could change the password for the AD administrator account. It also said it could add new users with administrator rights. The software did not work. I also bought and downloaded another program that said it could do it, but no go with it either.

Since I could change the local administrator password, I tried using the method from Petri's website to boot into Directory Service Restore Mode that would allow me to log in with the local administrator account, but even though the Linux CD said it had successfully changed the password, I could not log in. It seems that there is something going on with this Server that is preventing me from accessing the Administrator account. My guess is that is the reason why the previous IT company had most of the users' accounts with administrative privileges. They couldn't fix the issue, so they just made sure they could still access the system.

I am hoping that someone has a good suggestion as to what I can do to get the Administrator account password changed so that I can log in. Or if not the administrator, then how can I either add a new user to AD with administrative rights or add administrative rights to an existing user account without being in Windows?
0
Question by:BigNate99
7 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 38808386
We ran into the same type of situation at a new client a few years ago. We used this utility and it worked great:

Active@ Password Changer Professional
http://www.lsoft.net/pwch.aspx
0
 

Author Comment

by:BigNate99
ID: 38808415
I remembered that most times the Linux password changer always worked best to blank the administrator password rather than changing it. I was worried about password complexity requirements, but in this case it shouldn't matter. I blanked the password and was able to log in while booted to Directory Services Repair Mode. I have run the solution from Petri.com and am booting Windows SBS 2003 right now to see if it works. I did notice that WinRAR was set to some sort of Cyrillic language that looked Russian. I am wondering if the Server has been hacked.
0
 

Author Comment

by:BigNate99
ID: 38808435
That worked, I am in. Now to start looking for the possibility of being hacked.
0
 

Author Comment

by:BigNate99
ID: 38810213
I've requested that this question be closed as follows:

Accepted answer: 0 points for BigNate99's comment #a38808415
Assisted answer: 500 points for TG-TIS's comment #a38808386

for the following reason:

I figured it out but I figure that TG-TIS's solution may have worked also.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38808469
Great to see you are back in :-)
Just to suggest that I had two (new) clients with not dissimilar problems.
One had been hacked, and after adding more than one admin account and changing all user passwords (I also particularly changed the listening port for RDP from the standard 3389) this system has been fine since.
The second had a "fallout" with the previous IT company, and they had added several third-party plugins to both the server and LAN client PCs that allowed them to access the server to keep resetting the accounts
(even after I changed the IP address), which at the time completely floored me.
I checked for GoToAssist, Kaseya, LogMeIn, NTR Support, etc.
Good luck with this
0
 
LVL 78

Expert Comment

by:arnold
ID: 38808481
The question is closed. The issue is less likely a hack, but possibly a GPO or scheduled task resets the admin password to a known value.
Make sure you have auditing enabled on AD resources, then look for administrator account password change events and track them back to the system, if not on the DC.
0
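
The audit-log review suggested in the comment above, as an added example that is not part of the original thread: it filters exported Security-log records for password events on the Administrator account (IDs 627/628 on Server 2003, 4723/4724 on Server 2008 and later), ties each one to its logon session to find the originating machine, and flags resets that recur at the same time of day, as a scheduled task would produce. The CSV layout, account names and workstation name are constructed assumptions, not a real export format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample: Security-log records flattened to CSV. Column names,
# accounts and the workstation are assumptions; logon IDs are normalised.
SAMPLE = """time,event_id,target,caller,logon_id,workstation
2013-01-20 02:00:04,628,Administrator,SYSTEM,0x3e7,
2013-01-21 02:00:05,628,Administrator,SYSTEM,0x3e7,
2013-01-21 16:41:10,540,,newadmin,0x5a1f2,DESKTOP-07
2013-01-21 16:42:30,628,Administrator,newadmin,0x5a1f2,
2013-01-22 02:00:04,628,Administrator,SYSTEM,0x3e7,
2013-01-22 09:15:00,628,jsmith,newadmin,0x5a1f2,
"""
PASSWORD_EVENTS = {627, 628, 4723, 4724}  # change attempt / password set
LOGON_EVENTS = {528, 540, 4624}           # successful logon events
SYSTEM_LOGON_ID = "0x3e7"                 # the DC's own SYSTEM session

def password_changes(csv_text, account="Administrator"):
    """Return (time, caller, origin) for each password event on `account`."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Logon session ID -> workstation recorded when that session was created.
    sessions = {r["logon_id"].lower(): r["workstation"]
                for r in rows if int(r["event_id"]) in LOGON_EVENTS}
    hits = []
    for r in rows:
        if int(r["event_id"]) not in PASSWORD_EVENTS:
            continue
        if r["target"].lower() != account.lower():
            continue
        lid = r["logon_id"].lower()
        origin = "local on DC" if lid == SYSTEM_LOGON_ID else sessions.get(lid, "unknown")
        hits.append((datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S"), r["caller"], origin))
    return hits

def recurring(hits, min_days=3, tolerance_s=120):
    """Flag (caller, origin) pairs whose resets hit the same time on several days."""
    grouped = defaultdict(list)
    for ts, caller, origin in hits:
        grouped[(caller, origin)].append(ts)
    flagged = {}
    for key, stamps in grouped.items():
        secs = [t.hour * 3600 + t.minute * 60 + t.second for t in stamps]
        if len({t.date() for t in stamps}) >= min_days and max(secs) - min(secs) <= tolerance_s:
            flagged[key] = min(stamps).strftime("%H:%M")
    return flagged
```
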
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38809536
To close the question and award points, under my suggestion, click the green check that says Accept As Solution and click Submit at the bottom.

Glad I could provide help. Good luck in resolving your hacking problem.
0

Question has a verified solution.
