Reset Domain Administrator Password
“Help! I cannot log onto my server, how do reset the domain admin’s password?” This has been asked a thousand times. Rather than continually advising folk or posting elsewhere I thought it best to blog a few methods and in future provide a link to this site, feel free to do so yourself as well. Hopefully the following information will be used in a responsible manor. Keep in mind none of the following is my original material though have tried to give credit when possible. Use at your own risk, there are no guarantees or warrantees associated with any of the material below, and make sure you back up anything you can still access through shares and such before attempting. I have tried other methods not listed below that have corrupted Active Directory and resulted in server rebuilds or restores, so a backup is critical.
If it is a Domain Controller most of the free or inexpensive password tools will not work. You can buy enterprise software that will do the job, the most common being:
http://www.lostpassword.com/windows-enterprise.htm
Alternatively, the following is free, works well, but it involves many steps. Basically you reset the ASR password and then create a service that will automatically run when the server restarts to reset the password. To fully understand all the details, make sure you review all of the links within the article. http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2008_ad.htm
There is a newer method that is easier with Server 2008 / Server 2008 R2 / SBS 2008 / SBS 2011 (I have not tested on server 2003, though the necessary files do exist). The original site outlining this seems to be off-line so I have posted the contents of the original site below. However, in an attempt to give credit to the author the original site link was: http://fracktured.com/2010/09/03/how-to-reset-lost-sbs-2008-domain-admin-password/ There is also a video outlining the same process that has since been posted at: http://www.youtube.com/watch?v=Ar-VoO9ogHc&feature=player_embedded#
The steps are as follows:
· Restart the server and boot to the DVD
· After selecting the appropriate installation language, select Repair Your Computer
· Start command prompt, and change the command line path to C:\ by entering c:\
· Enter cd c:\windows\system32
· Enter ren utilman.exe *.bak
· Enter copy cmd.exe utilman.exe
· Restart the server. this time do not boot to the DVD, just boot normally
· At the login screen, press the Windows+U keys on your keyboard. this will bring up the command prompt
· Enter net user [server admin username] [new password]
· On a regular Server 2008 install, [server admin username] will probably be administrator, but it could be any domain username with domain admin rights. [new password] will be the new password you want to set. If password complexity is enabled (which is the default on Server 2008) you will need have some UPPER case letters and/or numbers and/or symbols in the password.
· On SBS 2008, the administrator account is disabled by default. Even if you reset the administrator password, you still won’t be able to login because the account will still be disabled. Instead of administrator, you would use the server admin user name that was used when the server was first setup. If you don’t know the user name, you can enter net user to get a list of all domain user accounts. It won’t show you what users have what privileges, but it could help jog your memory.
· Now go back to the login screen and log in with the user name and new password you just set. for user name, be sure to use the domain\username format
· Once you have verified that you can log in with the new password, repeat steps 1-4
· Enter ren utilman.bak *.exe
· Restart the server and boot normally
LAN-Tech Network Management 