Changing AD password?

How hard is it to change Active Directory Admin password. I was logged in from home via RDP and someone knocked me off by logging in under administrator. No one has this password but me. How can I change this?

What impact will it make? Will my SQL servers be affected?

I have a 2008 Server R2 physical domain controller and a backup.
Two Hyper V hosts with the following 4 VMS
   2 mssql 2005 servers
   1 2003 Terminal Server
   1 2008 Server Phone Server

What are the best practices to make this change and pit falls?
MEATBALLHEROAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kyle GreenCommented:
To change your admin password take a look at this...
http://binarynature.blogspot.com/2013/01/reset-active-directory-administrator-password.html#!/2013/01/reset-active-directory-administrator-password.html

That's for Server 2012 but I don't think the methodology will be different from what you need.

As for what this does, if you're running service accounts with lowest possible permissions for those servers you'll be fine. If you're running everything off of the admin account, which is terribly dangerous for MANY reasons, you will need to change the password on each individual server. If I remember correctly (which I sometimes don't) you'll need to examine your group security policies to make sure that no one but you has the rights to change the administrator password.

If you inherited the network and you're finding people have the admin password I suggest you change it immediately and perform a full audit of your security.
0
Will SzymkowskiSenior Solution ArchitectCommented:
If you change the password for the domain admin account it should not affect anything in your environment. However, if you are using this account for services that are running on your member servers i.e. SQL, Exchange, Apps etc you will break these servers by changing the password.

Best thing for that is to create services accounts which represent the servers like svc_sql, svc_exchange etc. I would change this if you are currently using your domain admin account for services accounts.

I would also recommend renaming your domain admin account to something else other than "administrator". You can do this by modifying the default domain policy using GPO.

rename domain admin account - http://technet.microsoft.com/en-us/library/cc747484(v=ws.10).aspx

Verify that your services and scheduled tasks are not using the administrator account for any servers and then you can change it without any worry.

Thanks


Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.