Solved

How to logon using the expired domain administrator password in W2012 domain

Posted on 2014-01-06
Last Modified: 2014-01-24
This is an MS Windows 2012 AD domain that is using the default policies. I think one of the default policies is that domain user passwords expire in 90 days (or 120 days). After not logging on to the DC for a long time, I was not aware that this domain administrator user account had expired. Now, in front of the DC, I can't log on. What can I do to log on to the DC?

Thanks,

Question by:MichaelBalack

LVL 57

Expert Comment

by:Mike Kline
Do you have any other admin accounts? Use them to change the pw of this account

Thanks

Mike

LVL 14

Expert Comment

by:SneekCo
If you have any pre W2k12 machines on the domain, log in there. You will be prompted with a dialog offering you the chance to change your password. May even work with client OS's like Win 7 or older.

LVL 1

Author Comment

by:MichaelBalack
Hi MKline71,

I do not have another admin account.

Hi SneekCo,

There is one member server - 2012, my co-worker told me he can log on locally. I'll get him to try to log on to the domain.

LVL 6

Accepted Solution

by:
Sasa Kranjac earned 500 total points
You can reset the administrator or any other account password by following these steps:

1. boot the DC from the Windows Server 2012 Installation DVD/USB
2. after choosing language, time zone and keyboard layout, on the Windows Setup window click Repair your computer
3. click Troubleshoot
4. under Advanced options click Command prompt
5. at the command prompt type the following commands:
d:
cd windows\system32
ren utilman.exe utilman.exe.old
copy cmd.exe utilman.exe
6. close the command prompt window
7. exit the Setup by clicking Continue and reboot the server
8. at the logon screen, click Windows+U
9. at the command prompt type: net user account SomePassword. Replace account with the name of the account whose password you want to change. Replace SomePassword with a password of your choice.
You should be able to log onto the server.
This procedure replaces the accessibility utility with the command prompt executable, which you invoked at the logon screen. After changing the password(s) you should restore the file changes you've made by repeating steps 1-4 and:
5. at the command prompt type the following commands:
copy utilman.exe.old utilman.exe
6. exit Setup and reboot. Remove any DVD/USB media from the server.

Hope it helps.
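
A check for whether the utilman.exe swap from this answer is still in place on a server, written as an added example that is not part of the original thread. It assumes PowerShell 4.0 or later (for Get-FileHash); the function name Test-UtilmanSwap and its state labels are made up for illustration.

```powershell
# Added example, not from the original thread. Assumes PowerShell 4.0+ (Get-FileHash).
# -Sys32 can be the live System32 folder or the same folder on a mounted offline volume.
function Test-UtilmanSwap {
    param(
        [string]$Sys32 = (Join-Path $env:SystemRoot 'System32')
    )

    # File names as used in step 5 of the answer.
    $utilman = Join-Path $Sys32 'utilman.exe'
    $cmd     = Join-Path $Sys32 'cmd.exe'
    $backup  = Join-Path $Sys32 'utilman.exe.old'

    # Returns the SHA-256 of a file, or nothing if the file does not exist.
    function Get-Sha256([string]$Path) {
        if (Test-Path -LiteralPath $Path -PathType Leaf) {
            (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        }
    }

    $utilHash   = Get-Sha256 $utilman
    $cmdHash    = Get-Sha256 $cmd
    $backupHash = Get-Sha256 $backup

    $state = 'Clean'
    if (-not $utilHash) {
        # Renamed away and never replaced or restored.
        $state = 'Missing'
    }
    elseif ($cmdHash -and $utilHash -eq $cmdHash) {
        # "copy cmd.exe utilman.exe" leaves two byte-identical files:
        # Windows+U at the logon screen still opens a command prompt.
        $state = 'SwappedWithCmd'
    }
    elseif ($backupHash -and $utilHash -ne $backupHash) {
        # A backup exists but the live file was not restored from it
        # (or was changed afterwards); needs a manual look.
        $state = 'DiffersFromBackup'
    }
    elseif ($backupHash) {
        # Restored by the final copy step, which leaves the .old file behind.
        $state = 'RestoredBackupLeftBehind'
    }

    [pscustomobject]@{
        State      = $state
        Utilman    = $utilHash
        Cmd        = $cmdHash
        UtilmanOld = $backupHash
    }
}

Test-UtilmanSwap | Format-List
```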

LVL 1

Author Comment

by:MichaelBalack
Hi Sasa Kranjac,

Thanks for the detailed steps, I will schedule to try it...

LVL 53

Expert Comment

by:McKnife
The problem is not clear. Expired accounts are asked to change their pw at logon - so what problem do you have?

LVL 14

Expert Comment

by:SneekCo
There is a security setting which I have not seen before W2k12 that does not prompt one for a new password when they attempt to log in with an expired password. (As was the case in previous versions.)

LVL 53

Expert Comment

by:McKnife
May I ask what you are referring to? I just tried it and expired an account and tried to log on to a 2012 Server - all normal, I was requested to change my pw.

LVL 14

Expert Comment

by:SneekCo
Then the setting has not been applied to your system. It is not out of the box, but a security setting that can be enabled if desired.

LVL 53

Expert Comment

by:McKnife
Ok. Then we should search and find it in the GPO reference.

LVL 14

Expert Comment

by:SneekCo

LVL 1

Author Comment

by:MichaelBalack
Thanks for the help from everyone. I also felt that it is a bit weird, as in this case the expired account didn't prompt for a new password change. However, all these problems were fed back by my co-worker, who is onsite. I didn't get a chance to "visualize it" myself. I will schedule to go onsite in a few days' time.

LVL 53

Expert Comment

by:McKnife
Time to clear up what we are talking about...
The author wrote "Now, in front of the DC..." which does not suggest that we are talking about RDP at all. Or are we?

LVL 14

Expert Comment

by:SneekCo
@MichaelBalack - no matter the terminology I know what you are experiencing because I have been there too in real life. You want to log in or need to log in and you can't. Really messes up your plan. Luckily I had colleagues that could log in and I could reset my password. Hope you get your problem solved and hope I was able to help some.

LVL 1

Author Comment

by:MichaelBalack
Hi SneekCo,

Thanks for your understanding, I will get the problem sorted out.

Thanks everyone, wait for my update in the next few days...

LVL 53

Expert Comment

by:McKnife
>  I have been there too in real life
Many have, including me :) The problem has been around since NLA (win 2008 Server/Vista). Not 2012 only and not induced by a non-Default policy. Simply NLA (default). Not patchable, see my own thread http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Q_28301279.html

So MichaelBalack, this is indeed RDP?

LVL 14

Expert Comment

by:SneekCo
Thanks for the information, good stuff.

LVL 53

Expert Comment

by:McKnife
Capitano, are you out there?

LVL 6

Expert Comment

by:Sasa Kranjac
These comments are indeed all very valuable.
I have experienced various Windows Server behaviours - have been asked for expired password and have not been asked for the password. There is always a solution for the problem but at the expense of the time required to solve it. In some cases I have chosen the fastest path to the solution.
Hope you are able to solve your problem.

LVL 1

Author Comment

by:MichaelBalack
Hi everyone,

My onsite visit has to be postponed to next Thursday, about a week to go. I will update the findings and approaches. Hope I can solve the problem.

LVL 1

Author Comment

by:MichaelBalack
Hi everyone,

Sorry to keep you guys waiting. I did a simple test by following the steps shown by Sasa, and it works perfectly. I have made an appointment to be onsite to see the real thing.

This trick reminds me of the NT 4 days, in which a rename of one *.exe file would allow you to have full access, right?

LVL 6

Expert Comment

by:Sasa Kranjac
I'm glad it worked.

Hehe, you're right. Back on NT4 you had to rename LOGON.SCR to CMD.EXE. After that you rebooted and waited for a "screensaver" to appear and voila! The rest is the same: net user...

LVL 53

Expert Comment

by:McKnife
Hmm. Have you understood what your problem is, capitano? Resetting a pw is one thing, being unable to change a pw via RDP is something totally different.

LVL 1

Author Comment

by:MichaelBalack
Hi McKnife,

Thanks for pointing out this important point.

LVL 1

Author Closing Comment

by:MichaelBalack
Great, it works like a charm

LVL 53

Expert Comment

by:McKnife
Hmm, time to clear up what we had been looking at here. Was it an RDP connection or not?