Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Change of Domain Administrator password

Posted on 2014-02-10
5
Medium Priority
?
491 Views
Last Modified: 2014-02-24
Hello,

I want to change the domain administrator's password in a Windows 2008 R2 domain. I need to make sure that I have all services that require administrator's authentication so as not to prevent them from running.
Would be grateful if anyone can assist or hint on some useful documentation.

Thanks a lot.
0
Comment
Question by:user_expert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39847688
If you are wanting to find out what services the "built-in administrator" account is using this will be a manual process, as the password is entered manually on the server when settign this up.

It is not a good practice using the administrator account to control services . I would recommend using a services account for this and using a prefix of something like "svc_name" and also setting your services accounts to "password never expires". This way you do not encounter issues like you are experiencing. That being said you will need to manually check all of your servers (services and scheduled tasks) to see if you have used the admin account to control these.

 Once you have done all of the leg work, changing the domain admin password is strightforward as it can be done in ADUC.

Will.
0
 
LVL 23

Assisted Solution

by:Radhakrishnan R
Radhakrishnan R earned 500 total points
ID: 39847697
Hi

Have a look at this thread http://www.techsupportforum.com/forums/f103/change-domain-admin-password-514212.html.

Also, i would suggest to create another domain admin user before resetting the root admin password. It will help in case something goes wrong.
0
 

Assisted Solution

by:Dinergy
Dinergy earned 500 total points
ID: 39847703
You can find such information via PowerShell. Examples below. Although, I would generally advise against using the Domain\Administrator account as a service credential.

get-wmiobject win32_service -comp <domain controller/server name> | Group Startname -NoElement | Sort Count

get-wmiobject win32_service -comp <domain controller/server name> -filter "Startname Like '%Administrator%'" | select name,startname

Etc., just play around with Get-WmiObject...
0
 
LVL 3

Assisted Solution

by:suribaba801
suribaba801 earned 500 total points
ID: 39847727
yep, you are in deeep trouble :))
you did not write down which services are configured manually with that password and on which computer/server.  i still think you have several options:

before doing anything i would recommand that you try the link below to determine if any scripts are configured manually:

http://www.activexperts.com/network-monitor/windowsmanagement/adminscripts/services/#ChangeServiceAccountPassword.htm

Another scenario would be to create a NEW domain admin and disable the current and see if you have any issues.  Because if you change your password anyways and you have some service running with that password configured manually, you will get continous account locked outs on the administrator account.

in that case the script below will help you to determine the location of the service that is running with that password:

http://blogs.technet.com/b/heyscriptingguy/archive/2012/12/27/use-powershell-to-find-the-location-of-a-locked-out-user.aspx

Please assign point if OK for you.

Happy troubleshooting!
0
 

Author Closing Comment

by:user_expert
ID: 39884108
Thanks a lot to all. It helped me to progress.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question