Administrator password needs to be reset and can't access Active Directory

I have a Windows 2016 Server (Standard). A former employee changed the Administrator password and no one knows what it is. I have tried different password hacking programs and can't access the SAM file. (password reset and top-password) I tried a hack changing the Utilman program and logging on with a DOS prompt, but that didn't work either. Unfortunately, this server is a secondary domain controller and when the password was changed, it propagated to the primary DC and it changed there too.
I have a domain admin login that allows me to log in, but when I got to AD to try to reset the Administrator password I get this error:

"The snap-in below, referenced in this document, has been restricted by policy". I can't get in AD, and I can't get into group policy to make changes either.

Does anyone have any suggestions on how I can reset the Administrator password?
webaddosol Asked:
Lee W, MVP (Technology and Business Process Advisor) Commented:
"I tried a hack changing the Utilman program and logging on with a DOS prompt, but that didn't work either."
Unless you enabled BitLocker (in which case you wouldn't have been able to rename utilman) this should have worked. Never seen an instance where it didn't. What happened when you tried? (You've not said how anything has failed to work, just that it did - you also haven't indicated what, EXACTLY you tried so we don't know if you tried the utilman thing but missed a crucial step).
65td (Retired) Commented:
webaddosol (Author) Commented:
Tried that exact process and when trying to change Utilman file it says Access Denied.
gilnov (Systems Administrator) Commented:
Is the domain admin account a member of the local administrators group on the server in question?
webaddosol (Author) Commented:
Not sure. And since I can't access Active Directory, I can't check to see.
gilnov (Systems Administrator) Commented:
Are you unable to open Computer Management as well?
webaddosol (Author) Commented:
I am able to access computer management.
gilnov (Systems Administrator) Commented:
Look in local users and groups to see if the domain admin account you are logged in with is a member of the Administrators local group on that server.
gilnov (Systems Administrator) Commented:
Actually, you're looking to see if the Domain Administrators group is a member of the local administrators group. Sorry for the confusion.
webaddosol (Author) Commented:
Local users is not there. Probably because this is a domain controller.
gilnov (Systems Administrator) Commented:
Right you are. Forgot about that bit.

Is this a VM or physical server? If physical (and it's not remote), have you tried logging in at the physical console to change the local admin password?

If remote, install RSAT on your computer and use that to change the password. Here's the latest: https://www.microsoft.com/en-us/download/details.aspx?id=45520

PowerShell might help too but I'm no expert. There are some cmdlets in RSAT that may help. Maybe someone else here can chime in.
webaddosol (Author) Commented:
This is a physical server. How would I change the local Administrator account? It seems he changed that password too, since what we have on file is not working locally.
gilnov (Systems Administrator) Commented:
What I'm confused about is why the domain admin can't open ADUC. That's odd and that's why I suggested logging on at the console as domain admin and try to open ADUC to change the password.
gilnov (Systems Administrator) Commented:
No wait...long day. No local accounts in ADUC. Regrouping.
Lee W, MVP (Technology and Business Process Advisor) Commented:
"Tried that exact process and when trying to change Utilman file it says Access Denied."

Then you didn't pick the right file. Utilman works when it's done right. Try again. It's quick. Make sure you choose the right DRIVE LETTER for your Windows install. Take pictures (you have a smartphone with a camera, right? Post pictures of any failures).
Shaun Vermaak (Technical Specialist/Developer) Commented:
Use this process to get password hashes from NTDS and SYSTEM registry file, after that use hashkiller or the like to get password
https://www.experts-exchange.com/articles/29569/How-to-extract-hashes-from-IFM-backup.html
webaddosol (Author) Commented:
Ok, I was able to get the password hashes using this thread, thanks! However, I have tried several different hashkillers and I can't figure out how to use them to get that password. Any suggestions on a very user-friendly one?
Shaun Vermaak (Technical Specialist/Developer) Commented:
I wrote my own custom one, but you can try HashKiller
https://www.hashkiller.co.uk/md5-decrypter.aspx
webaddosol (Author) Commented:
Thanks for all the help everyone.
Windows Server 2016

Question has a verified solution.