Solved

How to logon using the expired domain administrator password in W2012 domain

Posted on 2014-01-06
Last Modified: 2014-01-24
This is an MS Windows 2012 AD domain that is using the default policies. I think one of the default policies is that domain user passwords expire in 90 days (or 120 days). After not logging on to the DC for a long time, I was not aware that this domain administrator user account had expired. Now, in front of the DC, I can't log on. What can I do to log on to the DC?

Thanks,
Question by:MichaelBalack
26 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39761181
Do you have any other admin accounts?  Use them to change the pw of this account

Thanks

Mike
0
 
LVL 20

Expert Comment

by:Walter Curtis
ID: 39761215
If you have any pre W2k12 machines on the domain, log in there. You will be prompted with a dialog offering you the chance to change your password. May even work with client OS's like Win 7 or older.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39761283
Hi MKline71,

I do not have other admin account.

Hi SneekCo,

There is one member server - 2012, my co-worker told me he can logon locally. I'll get him to try to logon to the domain.
0

 
LVL 6

Accepted Solution

by:
Sasha Kranjac earned 2000 total points
ID: 39761286
You can reset administrator or any other account password following these steps:

1. boot the DC from the Windows Server 2012 Installation DVD/USB
2. after choosing language, time zone and keyboard layout, on Windows Setup window click Repair your computer
3. click Troubleshoot
4. under Advanced options click Command prompt
5. at the command prompt type the following commands:
d:
cd windows\system32
ren utilman.exe utilman.exe.old
copy cmd.exe utilman.exe
6. close the command prompt window
7. exit the Setup by clicking Continue and reboot the server
8. at the logon screen, click Windows+U
9. at the command prompt type: net user account SomePassword. Replace account with account name whose password you want to change. Replace SomePassword with password of your choice.
You should be able to log onto the server.
This procedure replaces the accessibility utility with the command prompt executable, which you invoked at the logon screen. After changing the password(s) you should restore the file changes you've made by repeating steps 1-4 and:
5. at the command prompt type the following commands:
copy utilman.exe.old utilman.exe
6. exit Setup and reboot. Remove any DVD/USB media from server.

Hope it helps.
0
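
A check an administrator can run after the restore step in the accepted answer, as an added example that is not part of the original thread: it reports whether utilman.exe is still a copy of cmd.exe and whether utilman.exe.old was left behind. The function names Get-Sha256 and Test-UtilmanRestored are made up for this example, and it assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Run elevated on the server after the restore step.
# Get-Sha256 and Test-UtilmanRestored are names made up for this example.

# Hash with .NET so this also runs on PowerShell 3.0, which has no Get-FileHash.
function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-' }
    finally { $stream.Dispose(); $sha.Dispose() }
}

function Test-UtilmanRestored {
    # Point -System32 at another volume to check an offline installation.
    param([string]$System32 = (Join-Path $env:SystemRoot 'System32'))

    $utilman  = Join-Path $System32 'utilman.exe'
    $backup   = Join-Path $System32 'utilman.exe.old'
    $cmd      = Join-Path $System32 'cmd.exe'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'utilman.exe is missing'
    } else {
        # Strong signal: the file is a byte-for-byte copy of cmd.exe.
        if ((Get-Sha256 $utilman) -eq (Get-Sha256 $cmd)) {
            $findings += 'utilman.exe is byte-identical to cmd.exe'
        }
        # Weaker signal (heuristic): the embedded version resource still names
        # cmd.exe, which also catches a cmd.exe copied from a different build.
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -match '^cmd\.exe') {
            $findings += "utilman.exe version resource names '$orig'"
        }
    }

    [pscustomobject]@{
        Path             = $utilman
        Restored         = ($findings.Count -eq 0)
        Findings         = $findings
        BackupLeftBehind = (Test-Path -LiteralPath $backup)
    }
}

Test-UtilmanRestored | Format-List
```

The copy command in the restore step leaves utilman.exe.old in place, so BackupLeftBehind stays True until that file is deleted.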
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39761459
Hi Sasa kranjac,

Thanks for the detailed steps, I will schedule to try it...
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39761585
The problem is not clear. Expired accounts are asked to change their pw at logon - so what problem do you have?
0
 
LVL 20

Expert Comment

by:Walter Curtis
ID: 39762080
There is a security setting which I have not seen before W2k12 that does not prompt one for a new password when they attempt to log in with an expired password. (As was the case in previous versions.)
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39762126
May I ask what you are referring to? I just tried it and expired an account and tried to logon to a 2012 Server - all normal, I was requested to change my pw.
0
 
LVL 20

Expert Comment

by:Walter Curtis
ID: 39762133
Then the setting has not been applied to your system. It is not out of the box, but a security setting that can be enabled if desired.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39762186
Ok. Then we should search and find it in the GPO reference.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39762298
Thanks for the help from everyone. I also felt that it is a bit weird, as in this case the expired account didn't prompt for a new password change. However, all these problems were fed back by my co-worker, who is onsite. I didn't get a chance to "visualize it" myself. I will schedule to go onsite in a few days' time.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39762316
Time to clear up what we are talking about...
The author wrote "Now, in front of the DC..." which does not suggest that we are talking about RDP at all. Or are we?
0
 
LVL 20

Expert Comment

by:Walter Curtis
ID: 39762365
@MichaelBalack - no matter the terminology I know what you are experiencing because I have been there too in real life. You want to log in or need to log in and you can't. Really messes up your plan. Luckily I had colleagues that could log in and I could reset my password. Hope you get your problem solved and hope I was able to help some.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39762379
Hi SneekCo,

Thanks for your understanding, I will get the problem sorted out.

Thanks everyone, wait for my update in these few days...
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39762413
>  I have been there too in real life
Many have, including me :) The problem has been around since NLA (win 2008 Server/Vista). Not 2012 only and not induced by a non-Default policy. Simply NLA (default). Not patchable, see my own thread http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Q_28301279.html

So MichaelBalack, this is indeed RDP?
0
 
LVL 20

Expert Comment

by:Walter Curtis
ID: 39762494
Thanks for the information, good stuff.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39762704
Capitano, are you out there?
0
 
LVL 6

Expert Comment

by:Sasha Kranjac
ID: 39763278
These comments are indeed all very valuable.
I have experienced various Windows Server behaviour - have been asked for the expired password and have not been asked for the password. There is always a solution for the problem but at the expense of the time required to solve it. In some cases I have chosen the fastest path to the solution.
Hope you are able to solve your problem.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39770147
Hi everyone,

My onsite visit has to be postponed to next Thursday, about a week to go. I will update the findings and approaches. Hope I can solve the problem.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39796183
Hi everyone,

Sorry to keep you guys waiting. I did a simple test by following the steps shown by Sasa, and it works perfectly. I have made an appointment to be onsite to see the real thing.

This trick reminds me of back in NT 4 times, in which a rename of one *.exe file would allow you to have full access, right?
0
 
LVL 6

Expert Comment

by:Sasha Kranjac
ID: 39796636
I'm glad it worked.

Hehe, you're right. Back on NT4 you had to rename LOGON.SCR to CMD.EXE. After that you rebooted and waited for a "screensaver" to appear and voila! The rest is the same: net user...
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39797893
Hmm. Have you understood what your problem is, capitano? Resetting a pw is one thing, being unable to change a pw via RDP is something totally different.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39798922
Hi McKnife,

Thanks for pointing out this important point.
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 39805385
Great, it works like a charm
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39805821
Hmm, time to clear up what we had been looking at here. Was it an RDP connection or not?
0
