?
Solved

SBS 2008 - Forgotten Domain Admin Password

Posted on 2014-02-24
14
Medium Priority
?
752 Views
Last Modified: 2014-03-03
Hi,

I have a bit of a problem... A client has changed the administrator password on their server at the expiry date and now has forgotten what the password is! This has left me in a bit of a mess as i need to be able to resolve issues on their network and now cant.

Here's where i'm currently at with it, and since i've practically pulled all my hair out today i'd really like some other hints!
I have discovered that you can login to the system with another user account, but of course this is not local admin or domain admin so i can not reset passwords. Using this account i did try the net user command from CMD but got a permission denied error as expected.
I've tried using the SBS2008 disc going into repair and running CMD, but this utility doesn't see the server hard drive!
I've downloaded this: http://www.stellarinfo.com/password-recovery/windows-server-password-recovery.php and this does seem to have got me somewhere, but here's the problem i then get... Firstly, their application crashed resetting the password the first time, so i restarted the server in hope and this time it seemed slightly promising! The server actually went through applying computer settings on reboot, but then changed to 'Applying default security policy' which it's never done before. Still, it didn't work.
So the next time, i ran the software and used CMD once in, firstly i ran 'net user Administrator /active:yes' followed by 'net user Administrator PASSWORDHERE'. All changes applied successfully, but upon reboot, it ran the same security policy setting and needless to say the administrator account isn't.

Now I've reached the end of my thoughts, what can i do? Reinstalling the server software simply isn't an option. Fundamentally everything works.... i just can't change anything!

Any help really would be greatly appreciated and to whoever helps resolve it, i may consider sending a packet of Biscuits!

Josh
0
Comment
Question by:joshhough
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
14 Comments
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39883650
Go here: http://bit.ly/1dAmLT7

Crack the Cred Episode 105.

Watch the video and write down the steps.

Go to your SBS 08 DC and run through the steps. You need a bootable flash drive (we use Win7 OS).

Make sure you rename things by booting back into the flash based OS!

EDIT: Make sure to have the driver for the RAID controller handy just-in-case.

Philip
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 39883656
I've tried using the SBS2008 disc going into repair and running CMD, but this utility doesn't see the server hard drive!

This is because the Windows DVD doesn't have drivers for the disk controller.  Load them and it will see the drive.  OR use a Windows 7 or Windows 8 or Server 2012 CD / Flash drive.

Check out the 5th episode of Crack The Cred at http://www.scorpionsoft.com/videos/crackthecred 

(Also, it looks like - if I'm interpreting what you did correctly - when you reset the password with Net User you were resetting it for the CD's instance of the administrator account - not the servers.  That's why didn't work.  Follow the 5 minute crack the cred video and you should be fine (if what you did before doing that didn't corrupt something)).
0
 
LVL 1

Author Comment

by:joshhough
ID: 39883841
Hi,

Thanks for your suggestions. In fact, i'm almost sure i didnt reset the CD's instance as the reset to the password was done once booting into Directory Services Restore Mode.

Thanks,

Josh
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 39

Expert Comment

by:Philip Elder
ID: 39883873
We've used the indicated method in the video many times to run a reset operation on a DC.

It works very well without needing any kind of third party product(s) or DSRM (which requires the original password if not reset at some time).

Philip
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39883920
Directory services restore mode is not the same thing.  Please follow the directions Philip and I posted.  I too have done this procedure several times with 100% success doing it as described in the video.
0
 
LVL 1

Author Comment

by:joshhough
ID: 39887092
Sorry, i'm lost. The video you suggested is for the Samsung Galaxy, how do the steps apply to Small Business Server 2008?
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39887126
Hover over the right hand side to get the playlist.
PlaylistPhilip
0
 
LVL 1

Author Comment

by:joshhough
ID: 39887164
Ah, brilliant thanks. I've tried this though, but i can't get the repair wizard to show the installation of SBS 2008, even though its the same media.

Otherwise this was my first step. When i then go into CMD, it doesn't show drive C.
0
 
LVL 1

Author Comment

by:joshhough
ID: 39887181
As i can get local access, i haven't tried accessing c itself, i'll try this when i'm in tomorrow, but can i put Utilman in the right place through being logged in? then i wouldn't need the install media to be able to access the hard drives?

Or does it require admin rights to access System32?

Thanks,

Josh
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39887186
We use a flash drive with Windows 7 x64 OS that is bootable (it is used to install the OS). We flip to the repair option and CMD from there. In this case we would run with a Windows Server 2008 R2 or 2012 RTM/R2 based bootable flash drive.

Then we run the steps indicated in the video.

You need the RAID controller driver as well if it is something out of the ordinary and not picked up by the in-box driver set.

Philip
0
 
LVL 1

Author Comment

by:joshhough
ID: 39887242
Hi Philip,

Thanks for the suggestion. Interestingly, its a Fujitsu Server with an LSI raid card - the MegaRaid or something - A Primergy TX110 S1 (i think). The disc i use is the disc that came with the server which i used for the original OS install. Odd how now it doesn't pick it up.

Thanks,

Josh
0
 
LVL 1

Author Comment

by:joshhough
ID: 39888691
Hi,

Here's where i'm at now. I havent been able to turn the server off as its working hours, but i did login to the server using an account that is not a local admin. This account however, is able to see the whole of the c drive. Where should UTILMAN be located for this to work? I can manually copy/paste it without needing the setup disc if anyone knows.

Currently its in C:\Windows\System32\Utilman.exe. If i log out, and press windows key and U, currently it just brings up ease of access.

Any help, again, greatly appreciated.

Thanks,

Josh
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39890484
Josh,

The only way to do it is to follow the steps exactly as they are outlined in the video.

Philip
0
 
LVL 1

Author Comment

by:joshhough
ID: 39899901
Hi All,

Thanks for your help. Following the video step by step i got there and managed to get in and reset the password.

Thanks,

Josh
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question