[!Top.htm]

 

[menus/left_new.htm]
 

By: Daniel Petri

Forgot the Administrator's Password? - Reset Domain Admin Password in Windows 2000 AD

Note: In order to successfully use this trick you must first use one of the password resetting tools available on the Forgot the Administrator's Password? page.

The reason for that is that you need to have the local administrator's password in order to perform the following tip, and if you don't have it, then the only method of resetting it is by using the above tool.

Featured Product

Windows Key by LostPassword.com - Use this easy tool to reset any Windows local or domain controller password in a minute. Money-back guarantee. Download FREE version now!

Read more about that on the Forgot the Administrator's Password? page.

Update: You can also discuss these topics on the dedicated Petri.co.il Forgot Admin Password Forum.

Lamer note: This procedure is NOT designed for Windows XP, nor will it work on Windows Server 2003. For that you should read the Forgot the Administrator's Password? - Change Domain Admin Password in Windows Server 2003 AD page.

Reader John Simpson added his own personal note regarding the changing of Domain Admin passwords on Windows NT domains and Windows 2000 Active Directory domains (HERE). I will quote parts of it (thanks John!):

As stated above, the very useful "Offline NT Password & Registry Editor boot disk" will only let you reset the password for the MACHINE Administrator account, not the DOMAIN Administrator account. As you probably know, on a Windows 2000 server which is an Active Directory controller, you CANNOT log into any machine-level account. Which means that resetting the MACHINE Administrator password is pretty much useless.

Or so it would seem. It turns out that "Directory Service Recovery Mode" uses the MACHINE-level accounts, since the whole point of this mode is that the AD control databases may be corrupted and you need a way to manually edit them (presumably using some high-priced third-party software package...)

I (John Simpson - DP) was able to reset the password on the DOMAIN Administrator account using the following procedure:

  1. Use the Offline NT Password & Registry Editor disk to reset the MACHINE Administrator password to "no password".

  2. Reboot, hit F8, and enter "Directory Service Recovery Mode". The machine will boot up as a standalone server without any Active Directory support.

  1. When the login screen appears, hit CTRL-ALT-DEL and log in as "Administrator" with no password. This is the MACHINE Administrator account, and does not have the ability to modify anything specific involving the Active Directory information, although it can backup and restore the physical files which contain the AD databases.

  2. Run "REGEDIT.EXE" (without the quotes). Navigate to

HKEY_USERS\.Default\Control Panel\Desktop

Lamer note: Make sure you write down the default values BEFORE changing them. You could also just PRINT SCREEN your registry editor display. The best option is to just backup the values to a .REG file by selecting the DESKTOP key and then selecting EXPORT from the FILE menu.

After you made sure you know what the default values are, change the following values:

SCRNSAVE.EXE - change from logon.scr to cmd.exe

ScreenSaveTimeout - change from 900 to 15

ScreenSaveActive - change to 1 (if it wasn't 1 already)

  1. Reboot normally. When the box appears asking you to hit CTRL-ALT-DEL to log in, just wait.

After 15-30 seconds you will see a command prompt appear (since that is the screensaver).

  1. In the command prompt, type the following command:

MMC DSA.MSC

Lamer note: There is a space character between the "mmc" and the "dsa.msc". Also, note that the DSA.MSC file is usually located in the SYSTEM32 subfolder of your WINDOWS or WINNT folder.

More lamer notes: DSA.MSC is actually the executable name for Active Directory Users and Computers, which in turn is the main tool for managing users, groups and computers in Windows 2000 Active Directory.

This should bring up the management console where you can edit users' passwords, including the password for the Administrator account.

  1. After resetting the Administrator password, exit the management console and type the command EXIT in the command prompt window.

  2. Hit CTRL-ALT-DEL and log into the DOMAIN Administrator account using the new password!

Don't forget to undo the changes you made to the registry (see step #4, lamer note), or you will always have a command prompt with Domain Administrator rights appear whenever somebody logs out.

Related articles

You may find these related articles of interest to you:

New:

 
[incl/signup.htm]

up

back

 

Page updated: 03-06-2008
[menus/right_new.htm]
  Copyright © 2007 Blue Whale Web No portion may be reproduced without my written permission. Microsoft, MS-DOS, Windows, Windows 2000, Windows XP, Windows Server 2003, Windows NT, Windows 98, Windows 95 are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and other countries. All other names are registered trademarks of their respective companies. Should any right be infringed, it is totally unintentional. Send me an e-mail and I will promptly and gladly rectify it. All external sites will open in a new browser. Petri.co.il does not endorse external sites and is not responsible for their content. For broken links, site problems - please send Feedback.