  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9167

How to logon using the expired domain administrator password in W2012 domain

This is an MS Windows 2012 AD domain that uses the default policies. I think one of the default policies is that domain user passwords expire in 90 days (or 120 days). After not logging on to the DC for a long time, I was not aware that this domain administrator user account is expired. Now, in front of the DC, I can't log on. What can I do to log on to the DC?

Thanks,
MichaelBalack
 
Mike Kline commented:
Do you have any other admin accounts?  Use them to change the pw of this account

Thanks

Mike
 
Walter Curtis (SharePoint AED) commented:
If you have any pre W2k12 machines on the domain, log in there. You will be prompted with a dialog offering you the chance to change your password. May even work with client OS's like Win 7 or older.
 
MichaelBalack (Author) commented:
Hi MKline71,

I do not have another admin account.

Hi SneekCo,

There is one member server - 2012, my co-worker told me he can log on locally. I'll get him to try to log on to the domain.
 
Sasha Kranjac commented:
You can reset the administrator or any other account password following these steps:

1. boot the DC from the Windows Server 2012 Installation DVD/USB
2. after choosing language, time zone and keyboard layout, on Windows Setup window click Repair your computer
3. click Troubleshoot
4. under Advanced options click Command prompt
5. at the command prompt type the following commands:
    d:
    cd windows\system32
    ren utilman.exe utilman.exe.old
    copy cmd.exe utilman.exe
6. close the command prompt window
7. exit the Setup by clicking Continue and reboot the server
8. at the logon screen, click Windows+U
9. at the command prompt type: net user account SomePassword. Replace account with the name of the account whose password you want to change. Replace SomePassword with a password of your choice.
You should be able to log onto the server.
This procedure replaces the accessibility utility with the command prompt executable, which you invoked at the logon screen. After changing the password(s) you should restore the file changes you've made by repeating steps 1-4 and:
5. at the command prompt type the following commands:
    d:
    cd windows\system32
    copy /y utilman.exe.old utilman.exe
6. exit Setup and reboot. Remove any DVD/USB media from the server.

Hope it helps.
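A defender's check for the state this procedure leaves behind when the restore step is skipped or forgotten, as an added example that is not part of the original answer. The function name, parameters and output fields are hypothetical; it assumes PowerShell 4.0 or later (for Get-FileHash) and can be pointed at the System32 folder of a mounted offline image.

```powershell
# Added example, not from the thread: report whether utilman.exe has been
# replaced by cmd.exe and whether the renamed original is still lying around.
function Test-UtilmanSwap {
    param(
        # Folder to inspect; defaults to the running system's System32.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32'),
        # Optional: SHA256 of utilman.exe taken from a trusted machine of the same build.
        [string]$KnownGoodSha256
    )

    $utilman = Join-Path $System32 'utilman.exe'
    $cmd     = Join-Path $System32 'cmd.exe'
    $backup  = Join-Path $System32 'utilman.exe.old'   # name used in the rename step above

    $result = [ordered]@{
        Path             = $utilman
        UtilmanPresent   = Test-Path -LiteralPath $utilman
        SameHashAsCmd    = $false
        MatchesKnownGood = $null      # stays $null when no reference hash was supplied
        BackupLeftOver   = Test-Path -LiteralPath $backup
    }

    if ($result.UtilmanPresent) {
        $utilmanHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash

        # A byte-for-byte copy of cmd.exe has the same hash as cmd.exe itself.
        if (Test-Path -LiteralPath $cmd) {
            $cmdHash = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
            $result.SameHashAsCmd = ($utilmanHash -eq $cmdHash)
        }

        # Catches replacement by something other than the local cmd.exe.
        if ($KnownGoodSha256) {
            $result.MatchesKnownGood = ($utilmanHash -eq $KnownGoodSha256.ToUpper())
        }
    }

    $result.Suspicious = (-not $result.UtilmanPresent) -or
                         $result.SameHashAsCmd -or
                         $result.BackupLeftOver -or
                         ($result.MatchesKnownGood -eq $false)
    [pscustomobject]$result
}

# Check the running system and show every field.
Test-UtilmanSwap | Format-List
```

A BackupLeftOver result on its own means the swap was undone with copy rather than a rename, so the .old file should still be removed once utilman.exe is confirmed good.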
 
MichaelBalack (Author) commented:
Hi Sasa Kranjac,

Thanks for the detailed steps, I will schedule to try it...
 
McKnife commented:
The problem is not clear. Expired accounts are asked to change their pw at logon - so what problem do you have?
 
Walter Curtis (SharePoint AED) commented:
There is a security setting which I have not seen before W2k12 that does not prompt one for a new password when they attempt to log in with an expired password. (As was the case in previous versions.)
 
McKnife commented:
May I ask what you are referring to? I just tried it and expired an account and tried to log on to a 2012 Server - all normal, I was requested to change my pw.
 
Walter Curtis (SharePoint AED) commented:
Then the setting has not been applied to your system. It is not out of the box, but a security setting that can be enabled if desired.
 
McKnife commented:
Ok. Then we should search and find it in the GPO reference.
 
MichaelBalack (Author) commented:
Thanks for the help from everyone. I also felt that it is a bit weird, as in this case the expired account didn't prompt for a new password change. However, all these problems are feedback from my co-worker, who is onsite. I didn't get a chance to "visualize it" myself. I will schedule to go onsite in a few days' time.
 
McKnife commented:
Time to clear up what we are talking about...
The author wrote "Now, in front of the DC..." which does not suggest that we are talking about RDP at all. Or are we?
 
Walter Curtis (SharePoint AED) commented:
@MichaelBalack - no matter the terminology I know what you are experiencing because I have been there too in real life. You want to log in or need to log in and you can't. Really messes up your plan. Luckily I had colleagues that could log in and I could reset my password. Hope you get your problem solved and hope I was able to help some.
 
MichaelBalack (Author) commented:
Hi SneekCo,

Thanks for your understanding, I will get the problem sorted out.

Thanks everyone, wait for my update in the next few days...
 
McKnife commented:
> I have been there too in real life
Many have, including me :) The problem has been around since NLA (win 2008 Server/Vista). Not 2012 only and not induced by a non-Default policy. Simply NLA (default). Not patchable, see my own thread http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Q_28301279.html

So MichaelBalack, this is indeed RDP?
 
Walter Curtis (SharePoint AED) commented:
Thanks for the information, good stuff.
 
McKnife commented:
Capitano, are you out there?
 
Sasha Kranjac commented:
These comments are indeed all very valuable.
I have experienced various Windows Server behaviour - have been asked for expired password and have not been asked for the password. There is always a solution for the problem but at the expense of the time required to solve it. In some cases I have chosen the fastest path to the solution.
Hope you are able to solve your problem.
 
MichaelBalack (Author) commented:
Hi everyone,

My onsite visit has to be postponed to next Thursday, about a week to go. I will update you on the findings and approaches. Hope I can solve the problem.
 
MichaelBalack (Author) commented:
Hi everyone,

Sorry to keep you guys waiting. I did a simple test by following the steps shown by Sasa, and it works perfectly. I have made an appointment to be onsite to see the real thing.

This trick reminds me of the NT 4 days, when a rename of one *.exe file would allow you to have full access, right?
 
Sasha Kranjac commented:
I'm glad it worked.

Hehe, you're right. Back on NT4 you had to rename LOGON.SCR to CMD.EXE. After that you rebooted and waited for a "screensaver" to appear and voila! The rest is the same: net user...
 
McKnife commented:
Hmm. Have you understood what your problem is, capitano? Resetting a pw is one thing, being unable to change a pw via RDP is something totally different.
 
MichaelBalack (Author) commented:
Hi McKnife,

Thanks for pointing out this important point.
 
MichaelBalack (Author) commented:
Great, it works like a charm
 
McKnife commented:
Hmm, time to clear up what we had been looking at here. Was it an RDP connection or not?
Question has a verified solution.
