Precautions taken to disable domain adminstrator account and creating a new domain administrator account

Hi

We use windows 2008 AD.I want to change our domain\administrator password for security reasons.At the moment I am not sure which all services uses the domain\administrator account.

I am planning to create a new domain administrator name as Gadministrator with all domain\administrator privileges, then and disable the old domain\administrator account.

If any services fail I  will create additional administrator privileges account  and authenticate it rather than using the domain\Gadministrator

Please suggest, Is this a good idea or is there a better way of doing this?
Thanks
lianne143Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
I suggest you use something like DameWare to identify services running under the account in question..you have to check other things such as SQL, Exchange, etc to ensure you are going to cause serious issues.
0
Tony MassaCommented:
Disabling the account will certainly work, but you should attempt to identify where the account is being used before simply disabling it.

How many servers?  You should be able to use security event logs from your domain controllers to identify where the administrator account is being used.  The logon events will give you the IP address of the server sending authentication (logon) requests.

As for the replacement account(s), I would suggest that you create multiple accounts using least privileged access to give the account(s) as little permissions as possible to carry out the individual tasks.  Don't just replace with a single account as it will become too "powerful".
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lianne143Author Commented:
We have 18 servers within our LAN. Please post me some tutorials as how to find the services running under domain\administrator using dameware.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.