Thursday, February 21, 2008

Reset Domain Admin Account

Last week I somehow forgot the domain admin acct in my lab. I tried for 3 days to remember it and I finally came to the realization that I just wasn't going to. So I started looking around on the web for different things I could do. I wasn't really in a hurry cause my domain was running just fine.

I found many methods for changing the local admin acct, but not many for changing the domain admin acct on a Windows 2003 domain controller. I did find this method here.

Anyway, I checked with an SE friend of mine on the Windows support team at MS and he said that was a good method and told me to run with that one. Not that I minded, but I just didn't want to bring down my DC and take the time to copy all that stuff to floppy, etc. So I kept looking.

I finally had an idea that I just had to share with everybody. It's so simple it's scary.
I used the SysInternals tool psexec.exe. What it does is run programs remotely on the box of your choosing. The problem, of course, is that you have to make an admin connection to that box, and if you could do that, you wouldn't have to use psexec to reset the password. So I looked at the help file for psexec and found a parameter that just amazed me. -s is its name.
It tells psexec to run the remote process under the local system acct of the remote box. And since the local system acct has full admin rights, you have the rights you need to change the admin password.

So at a command prompt go to the dir where you have psexec and type the following command:

psexec.exe -s \\machinename cmd

That tells psexec to bring up a command shell on the remote box, running as the machine's local system acct. So now you've got a shell open on your box just like you were standing in front of the console on the remote box. Now you just type the command for changing the admin password:

net user administrator newpassword

That's it. It's simple, elegant, beautiful, and it really saved my ass.
I hope this helps someone else.

Just for grins, here's a Camtasia I made of the process just to make it even easier. Click here

Here's an update to my original post. I sent this solution to a friend at MS and he found that it didn't work for him. After a little investigation, I discovered that it worked for me because I had the admin share on my DC mapped on my box and PSExec was using that IPC. You can read more about that here.
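
For anyone watching for this on their own domain controllers, the steps above leave a trail: PsExec installs a service on the target (named PSEXESVC by default), and the password reset is then logged with the local system account as the caller. The Python below is an added example, not part of the original post; it correlates the two over constructed, simplified event records, assuming event IDs 7045 and 4724 as logged by Windows Server 2008 and later, and a 10-minute window chosen for illustration.

```python
from datetime import datetime, timedelta

SERVICE_INSTALLED = 7045     # System log: "A service was installed in the system"
PASSWORD_RESET = 4724        # Security log: attempt to reset an account's password
SYSTEM_SID = "S-1-5-18"      # well-known SID of LocalSystem
PSEXEC_SERVICE = "PSEXESVC"  # PsExec's default service name

def find_system_resets(events, window=timedelta(minutes=10)):
    """Return password resets made by LocalSystem within `window` of a
    PSEXESVC install on the same host (the window is an assumed value)."""
    last_install = {}  # host -> time of the most recent PSEXESVC install
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == SERVICE_INSTALLED:
            if ev.get("ServiceName", "").upper() == PSEXEC_SERVICE:
                last_install[ev["host"]] = ev["time"]
        elif ev["id"] == PASSWORD_RESET and ev.get("SubjectUserSid") == SYSTEM_SID:
            installed = last_install.get(ev["host"])
            if installed is not None and ev["time"] - installed <= window:
                alerts.append({"host": ev["host"], "target": ev["TargetUserName"],
                               "installed": installed, "reset": ev["time"]})
    return alerts

def t(hms):
    """Build a timestamp for the constructed sample events."""
    return datetime.strptime("2024-01-15 " + hms, "%Y-%m-%d %H:%M:%S")

# Constructed sample events, reduced to the fields the check needs.
SAMPLE = [
    {"time": t("09:00:00"), "host": "FS01", "id": 7045, "ServiceName": "ExampleUpdater"},
    {"time": t("10:00:05"), "host": "DC01", "id": 7045, "ServiceName": "PSEXESVC"},
    {"time": t("10:01:30"), "host": "DC01", "id": 4724,
     "SubjectUserSid": SYSTEM_SID, "TargetUserName": "Administrator"},
    # Ordinary reset by a user account (constructed SID): caller is not LocalSystem.
    {"time": t("10:02:00"), "host": "DC01", "id": 4724,
     "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1105",
     "TargetUserName": "jsmith"},
    # LocalSystem reset on a host with no PSEXESVC install: not correlated.
    {"time": t("10:03:00"), "host": "FS01", "id": 4724,
     "SubjectUserSid": SYSTEM_SID, "TargetUserName": "svc_backup"},
]

if __name__ == "__main__":
    for a in find_system_resets(SAMPLE):
        print(f"{a['host']}: {a['target']} reset by SYSTEM at {a['reset']} "
              f"after PSEXESVC install at {a['installed']}")
```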

1 comment:

There are people abusing this information. I have been attacked for over two years and have almost lost my company. Someone made themselves the admin to my home computers and business computers. Then this person deleted files, websites, all sorts of damage was done. A police file has been made however no arrest as of yet. I am still only a local User. My husband is in does SQL and his mom DBA only people in my life who knows anything at all about computers and no one seems to know how to help me.

About Me

Sean McCown
I am a Contributing Editor for InfoWorld Magazine, and a frequent contributor to as well as I live with my wife and 3 kids, and have practiced and taught Kenpo for 22yrs now.