Solved

How to logon using the expired domain administrator password in W2012 domain

Posted on 2014-01-06
Last Modified: 2014-01-24
This is an MS Windows 2012 AD domain that is using the default policies. I think one of the default policies is that domain user passwords expire in 90 days (or 120 days). After not logging on to the DC for a long time, I was not aware that this domain administrator user account had expired. Now, in front of the DC, I can't log on. What can I do to log on to the DC?

Thanks,
Question by:MichaelBalack
26 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39761181
Do you have any other admin accounts? Use them to change the pw of this account.

Thanks

Mike
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 39761215
If you have any pre W2k12 machines on the domain, log in there. You will be prompted with a dialog offering you the chance to change your password. May even work with client OS's like Win 7 or older.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39761283
Hi MKline71,

I do not have other admin account.

Hi SneekCo,

There is one member server - 2012, my co-worker told me he can logon locally. I'll get him to try to logon to the domain.
0
 
LVL 6

Accepted Solution

by:
Sasa Kranjac earned 500 total points
ID: 39761286
You can reset the administrator or any other account password by following these steps:

1. boot the DC from the Windows Server 2012 Installation DVD/USB
2. after choosing language, time zone and keyboard layout, on the Windows Setup window click Repair your computer
3. click Troubleshoot
4. under Advanced options click Command prompt
5. at the command prompt type the following commands:
    d:
    cd windows\system32
    ren utilman.exe utilman.exe.old
    copy cmd.exe utilman.exe
6. close the command prompt window
7. exit the Setup by clicking Continue and reboot the server
8. at the logon screen, click Windows+U
9. at the command prompt type: net user account SomePassword. Replace account with the name of the account whose password you want to change. Replace SomePassword with a password of your choice.

You should be able to log onto the server.
This procedure replaces the accessibility utility with the command prompt executable, which you invoked at the logon screen. After changing the password(s) you should restore the file changes you've made by repeating steps 1-4 and:

5. at the command prompt type the following command:
    copy utilman.exe.old utilman.exe
6. exit Setup and reboot. Remove any DVD/USB media from the server.

Hope it helps.
0
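
A defender-side check for the file swap used in the accepted answer above, added here as an example and not part of the original thread. The function name `Test-UtilmanIntegrity` is hypothetical, `Get-FileHash` needs PowerShell 4.0 or later, and the version-resource check assumes the genuine binary's OriginalFilename begins with "utilman".

```powershell
# Added example (not from the thread): flag a utilman.exe that was swapped for
# another binary, or leftovers of the swap. Test-UtilmanIntegrity is a hypothetical name.
function Test-UtilmanIntegrity {
    param(
        # System32 of the running OS, or of a mounted offline image or backup.
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )
    $utilman  = Join-Path $SystemDir 'utilman.exe'
    $cmd      = Join-Path $SystemDir 'cmd.exe'
    $backup   = Join-Path $SystemDir 'utilman.exe.old'
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings.Add('utilman.exe is missing')
    } else {
        # Check 1: identical bytes to cmd.exe means the copy from step 5 is still in place.
        $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        if ((Test-Path -LiteralPath $cmd) -and
            $utilHash -eq (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash) {
            $findings.Add('utilman.exe is byte-identical to cmd.exe')
        }
        # Check 2: the embedded version resource travels with a copied file, so a
        # name that does not start with "utilman" (assumption, see lead-in) means
        # some other program is sitting under this file name.
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -and $orig -notlike 'utilman*') {
            $findings.Add("utilman.exe version resource names '$orig'")
        }
    }
    # Check 3: the restore step in the answer copies the backup back but never
    # deletes it, so the .old file remains as evidence that the swap was done.
    if (Test-Path -LiteralPath $backup) {
        $findings.Add('utilman.exe.old is present (leftover of a rename)')
    }

    [pscustomobject]@{
        SystemDir = $SystemDir
        Clean     = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
    }
}

# Check the local system; pass -SystemDir to inspect a mounted image instead.
Test-UtilmanIntegrity | Format-List
```

Because the swap needs only boot media and console access, the practical mitigations are physical security of the DC, a locked-down boot order, and full-volume encryption of the system drive.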
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39761459
Hi Sasa kranjac,

Thanks for the detailed steps, I will schedule to try it...
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39761585
The problem is not clear. Expired accounts are asked to change their pw at logon - so what problem do you have?
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 39762080
There is a security setting which I have not seen before W2k12 that does not prompt one for a new password when they attempt to log in with an expired password. (As was the case in previous versions.)
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39762126
May I ask what you are referring to? I just tried it and expired an account and tried to log on to a 2012 Server - all normal, I was requested to change my pw.
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 39762133
Then the setting has not been applied to your system. It is not out of the box, but a security setting that can be enabled if desired.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39762186
Ok. Then we should search and find it in the GPO reference.
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 39762236
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39762298
Thanks for the help from everyone. I also felt that it is a bit weird, as in this case the expired account didn't prompt for a new password change. However, all these problems were fed back by my co-worker, who is onsite. I didn't get a chance to "visualize it" myself. I will schedule to go onsite in a few days' time.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39762316
Time to clear up what we are talking about...
The author wrote "Now, in front of the DC..." which does not suggest that we are talking about RDP at all. Or are we?
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 39762365
@MichaelBalack - no matter the terminology I know what you are experiencing because I have been there too in real life. You want to log in or need to log in and you can't. Really messes up your plan. Luckily I had colleagues that could log in and I could reset my password. Hope you get your problem solved and hope I was able to help some.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39762379
Hi SneekCo,

Thanks for your understanding, I will get the problem sorted out.

Thanks everyone, wait for my update in the next few days...
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39762413
>  I have been there too in real life
Many have, including me :) The problem has been around since NLA (win 2008 Server/Vista). Not 2012 only and not induced by a non-Default policy. Simply NLA (default). Not patchable, see my own thread http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Q_28301279.html

So MichaelBalack, this is indeed RDP?
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 39762494
Thanks for the information, good stuff.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39762704
Capitano, are you out there?
0
 
LVL 6

Expert Comment

by:Sasa Kranjac
ID: 39763278
These comments are indeed all very valuable.
I have experienced various Windows Server behaviours - I have been asked for the expired password and have not been asked for the password. There is always a solution for the problem, but at the expense of the time required to solve it. In some cases I have chosen the fastest path to the solution.
Hope you are able to solve your problem.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39770147
Hi everyone,

My onsite visit has to be postponed to next Thursday, about a week to go. I will update the findings and approaches. Hope I can solve the problem.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39796183
Hi everyone,

Sorry to keep you guys waiting. I did a simple test by following the steps shown by Sasa, and it works perfectly. I have made an appointment to be onsite to see the real thing.

This trick reminds me of the NT 4 days, in which a rename of one *.exe file would allow you to have full access, right?
0
 
LVL 6

Expert Comment

by:Sasa Kranjac
ID: 39796636
I'm glad it worked.

Hehe, you're right. Back on NT4 you had to rename LOGON.SCR to CMD.EXE. After that you rebooted and waited for a "screensaver" to appear and voila! The rest is the same: net user...
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39797893
Hmm. Have you understood what your problem is, capitano? Resetting a pw is one thing, being unable to change a pw via RDP is something totally different.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39798922
Hi McKnife,

Thanks for pointing out this important point.
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 39805385
Great, it works like a charm
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39805821
Hmm, time to clear up what we had been looking at here. Was it an RDP connection or not?
0
