Announcement

Collapse
No announcement yet.

Changing domain admin password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Changing domain admin password

    Windows 2003 servers -12 total. Two are DC's.

    what is the best practice to change the domain admin password?

    IT structure changes coming up and I want to change the Domain Admin password.

  • #2
    Re: Changing domain admin password

    Reset the password via ADUC one one of the DCs, this change will replicate instantly.

    I assume no-one is actively using this account to logon?

    If, for any reason, any services are configured to run using this account (please say there aren't) then the password will need resetting there too.

    Last edited by Hanley; 1st March 2010, 23:11.

    Comment


    • #3
      Re: Changing domain admin password

      Originally posted by Hanley View Post
      Reset the password via ADUC one one of the DCs, this change will replicate instantly.

      I assume no-one is actively using this account to logon?

      If, for any reason, any services are configured to run using this account (please say there aren't) then the password will need resetting there too.

      thanks for the reply. I just wanted to double check & no, no services are using the current password. Once again, thanks!

      Comment


      • #4
        Re: Changing domain admin password

        Originally posted by Hanley View Post
        I assume no-one is actively using this account to logon?

        If, for any reason, any services are configured to run using this account (please say there aren't) then the password will need resetting there too.


        Assuming you have taken over a domain that may not have used the best practices and used the domain admin account for day to day logins as well as services, scheduled tasks & 3rd party applications, and you had to change the domain admin password pretty sharpish, what would you do to make sure you didn't break anything?

        I have read many forum posts about all sorts of scripts that you can run, but would much prefer some sort of GUI interface [chicken I know, but less likely to mess it up even more] that can go through and list it all per server for me. Am I asking for too much?

        Comment


        • #5
          Re: Changing domain admin password

          First create a backup admin account - just incase.

          THEN troll through all your services on each server make sure none are set to login as the admin account. If they are change them to another user with the correct rights.

          Then and only then change the admin account password.
          Allen White
          MCSE,MCSA,MCITP,MCTS,CCA,CCSP,VCP

          Comment


          • #6
            Re: Changing domain admin password

            List of things to check that may be using the domain admin account (some have already been mentioned here):

            1. Services
            2. Scheduled Tasks
            3. Applications

            Comment


            • #7
              Re: Changing domain admin password

              No need to overreact on this IMO. Just change the password. It is good practice to change 'em regularly anyway ( Like underpants ).
              If there are any services or apps running with those credentials you'll soon find out, and create an appropriate account for those instead.
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR

              Comment


              • #8
                Re: Changing domain admin password

                Underpants? People wear underpants (what are they)
                Last edited by biggles77; 9th April 2010, 17:14.
                1 1 was a racehorse.
                2 2 was 1 2.
                1 1 1 1 race 1 day,
                2 2 1 1 2

                Comment


                • #9
                  Re: Changing domain admin password

                  Are you sure you're not a Scotsman?
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment

                  Working...
                  X