Solved

Changing Windows Server 2008 R2 Domain Admin Password

Posted on 2015-01-12
3
447 Views
Last Modified: 2015-01-14
Recently had our main IT person left so we want to change the domain admin password.  We have one server in our environment, Server 2008R2.  We did some research on the impact and it looks like we need to double check any services/tasks that may be using the Admin account before changing the password.  So, we checked in Services and saw the backup software is using the Admin account.   Everything else listed is using Local System or Network Service.  Under Task Scheduler, we drill down to Task Scheduler Library, Microsoft, Windows, and see "Backup" running under the Admin account and nothing else.  Is there anything else we need to check for before changing the password?  And do we just log in as the admin and change it or is there another way it has to be done?  Thank you.
0
Comment
Question by:Jason92s
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 400 total points
ID: 40545718
First off you should not be using the domain admin username/password as a service account. Second you are correct, in regards to updating the password on any/all services/scheduled task that have passwords cached. You also might want to make sure that there are no scripts that run that use this username and password.

Changing a Domain Admin password in a well established environment should have no impact. Use service accounts for services and scheduled tasks. Also no one should be logging in with the domain admin account.

You should have something like this for users that need to have domain admin access.

Regular Account
wills

Domain Admin Account
admin-wills

Accounts should be separate IMO so that people don't mistakenly run a command from there regular login and mess things up. If they want to run administrative tasks or login to a server they should be using their admin-name account.

Now not everyone sets it up this way but i find that this is the more secure way of managing accounts.

Will.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 50 total points
ID: 40545726
That should cover it.

To avoid such things in the future, might as well start now and create service accounts
One for the backup software to use, double check what rights it needs and have the user with those rights.
You might as well use the same backup account for the backup task.
0
 
LVL 3

Assisted Solution

by:roycbene
roycbene earned 50 total points
ID: 40545825
To add to Arnold's solution, service accounts DO NOT have to be Active Directory accounts. In fact, unless you are using them on multiple machines on the domain (i.e. if you are just using them to kick off scheduled tasks or something similar on the one server), then I would create the account on the relevant machine as a local user and give it the rights it needs.

-R
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question