Saturday, July 5, 2014

Forgot the domain admin password?

First of all, you should never work with the "Administrator" account. Each admin should have his own account, for two reasons. First, it makes troubleshooting easier if an admin messes up. Second, if one admin forgets his password, another admin can reset it through Active Directory Users and Computers (ADUC). Whenever you reset a password, however, note that the corresponding account will no longer be able to access passwords stored in Internet Explorer or files that have been encrypted with EFS.

If you forgot the domain admin password, and no other administrator exists in this Windows domain, you can use the procedure below to reset the password. Note that the screenshots are for Windows Server 2012 R2 with Update. However, this guide also works for Windows Server 2012 and Windows Server 2008 R2.

With this password reset method, you have to boot from a second Windows installation. You then have to replace utilman.exe (the Utility Manager with ease-of-use functions such as the Narrator and Magnifier) on a domain controller with the command prompt (cmd.exe). Next, you'll boot up the machine where you forgot the password, click the Utility Manager icon on the logon screen to launch a command prompt, and then reset the password. Here is the step-by-step guide:

  1. Boot from a Windows Server 2012 R2 DVD (or ISO file in a virtual environment) and click Next when Windows Setup loads.
  2. Press SHIFT + F10 to open a command prompt.
  3. At the command prompt, enter:
    move d:\windows\system32\utilman.exe d:\windows\system32\utilman.exe.bak

    Note: On Windows Server 2008 R2, you will most likely have to replace the drive letter d: with c:. If you are unsure about the drive letter, search for the drive that contains the Windows folder. The drive letter for the instance of Windows PE that started Windows Setup is x:.
  4. Replace utilman.exe with cmd.exe:
    copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe

  5. Remove the boot media from the server and tell Windows PE to reboot:
    wpeutil reboot

  6. Once your domain controller is running again, click the Utility Manager icon.
  7. At the command prompt that (I hope) opened, reset the domain admin password with this command:
    net user administrator *

  8. You can now close the command prompt and log on with the new password. However, mainly for security reasons, I highly recommend restoring the original utilman.exe. For this, you have to again boot Windows Server setup, follow steps 1-2, and then enter:
    move /y d:\windows\system32\utilman.exe.bak d:\windows\system32\utilman.exe

    (Replace the drive letter if Windows isn't installed on d:.)
  9. After you have removed the boot media, you can reboot the server again with:
    wpeutil reboot


Obviously, this procedure can be used by anyone who has physical access to your servers. In my next post I will give you a few tips on how you can prevent the Utilman.exe password reset trick.
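To confirm that step 8 really restored the original Utility Manager, or to audit other servers for a swap that was left in place, you can run a check like the following after logging on. This is an added example, not part of the original post; the function name Test-UtilmanIntegrity and its parameter are illustrative, and it assumes PowerShell 4.0 or later (for Get-FileHash).

```powershell
# Added example: reports whether utilman.exe has been replaced by a command shell.
# Function and parameter names are illustrative, not from the original post.
function Test-UtilmanIntegrity {
    param(
        # System32 folder of the Windows installation to inspect
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman  = Join-Path $System32 'utilman.exe'
    $backup   = Join-Path $System32 'utilman.exe.bak'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'utilman.exe is missing'
    } else {
        $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash

        # Step 4 copies cmd.exe over utilman.exe, so identical hashes mean the
        # swap is still in place. powershell.exe is compared as well.
        foreach ($shell in 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe') {
            $shellPath = Join-Path $System32 $shell
            if (Test-Path -LiteralPath $shellPath) {
                $shellHash = (Get-FileHash -LiteralPath $shellPath -Algorithm SHA256).Hash
                if ($shellHash -eq $utilHash) {
                    $findings += "utilman.exe is byte-identical to $shell"
                }
            }
        }

        # The version resource still names the original binary after a rename,
        # which also catches a shell copied from a different Windows build.
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -match '^(cmd|powershell)') {
            $findings += "utilman.exe reports OriginalFilename '$orig'"
        }
    }

    # Step 3 leaves utilman.exe.bak behind until step 8 moves it back.
    if (Test-Path -LiteralPath $backup) {
        $findings += 'utilman.exe.bak exists (step 8 was not completed)'
    }

    [pscustomobject]@{
        System32 = $System32
        Tampered = ($findings.Count -gt 0)
        Findings = $findings
    }
}

Test-UtilmanIntegrity | Format-List
```

An empty Findings list with Tampered set to False means utilman.exe does not match a shell binary and no backup copy was left in System32.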
