Solved

Changing Windows Server 2008 R2 Domain Admin Password

Posted on 2015-01-12
3
421 Views
Last Modified: 2015-01-14
Recently had our main IT person left so we want to change the domain admin password.  We have one server in our environment, Server 2008R2.  We did some research on the impact and it looks like we need to double check any services/tasks that may be using the Admin account before changing the password.  So, we checked in Services and saw the backup software is using the Admin account.   Everything else listed is using Local System or Network Service.  Under Task Scheduler, we drill down to Task Scheduler Library, Microsoft, Windows, and see "Backup" running under the Admin account and nothing else.  Is there anything else we need to check for before changing the password?  And do we just log in as the admin and change it or is there another way it has to be done?  Thank you.
0
Comment
Question by:Jason92s
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 400 total points
ID: 40545718
First off you should not be using the domain admin username/password as a service account. Second you are correct, in regards to updating the password on any/all services/scheduled task that have passwords cached. You also might want to make sure that there are no scripts that run that use this username and password.

Changing a Domain Admin password in a well established environment should have no impact. Use service accounts for services and scheduled tasks. Also no one should be logging in with the domain admin account.

You should have something like this for users that need to have domain admin access.

Regular Account
wills

Domain Admin Account
admin-wills

Accounts should be separate IMO so that people don't mistakenly run a command from there regular login and mess things up. If they want to run administrative tasks or login to a server they should be using their admin-name account.

Now not everyone sets it up this way but i find that this is the more secure way of managing accounts.

Will.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 50 total points
ID: 40545726
That should cover it.

To avoid such things in the future, might as well start now and create service accounts
One for the backup software to use, double check what rights it needs and have the user with those rights.
You might as well use the same backup account for the backup task.
0
 
LVL 3

Assisted Solution

by:roycbene
roycbene earned 50 total points
ID: 40545825
To add to Arnold's solution, service accounts DO NOT have to be Active Directory accounts. In fact, unless you are using them on multiple machines on the domain (i.e. if you are just using them to kick off scheduled tasks or something similar on the one server), then I would create the account on the relevant machine as a local user and give it the rights it needs.

-R
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question