Announcement

Collapse
No announcement yet.

Any issues when reseting password on domain admin (was: Stupid questions....)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Any issues when reseting password on domain admin (was: Stupid questions....)

    Hi all,

    I'm new to this forum and I have a stupid question...please be gentle!

    If you know the domain admin password, can't you just log into a DC, open Active Directory Users and Groups, right click the Administrator account and select Reset Password from the context menu and let replication take care of the rest?!?!?!

    I guess my more important question is, what's going to break when I reset this password!!! This is why I'm planning on doing this on a Saturday!

    If someone could give me a quick answer, I would be very appreciative!

    Thanks for your time in advance!

    sax

  • #2
    Re: Stupid questions....

    Originally posted by saxophobe View Post
    Hi all,

    I'm new to this forum and I have a stupid question...please be gentle!

    If you know the domain admin password, can't you just log into a DC, open Active Directory Users and Groups, right click the Administrator account and select Reset Password from the context menu and let replication take care of the rest?!?!?!

    I guess my more important question is, what's going to break when I reset this password!!! This is why I'm planning on doing this on a Saturday!

    If someone could give me a quick answer, I would be very appreciative!

    Thanks for your time in advance!

    sax
    First, you need a better title.

    Second, some props for posting in the correct forum.

    Third, what is your problem / what exactly are you trying to do??? Reset the domain admin password? Your post is unclear as you seem concerned about something that may not be a concern.

    Fourth, how are you "planning" on doing whatever and what are your concerns in attempting this? "Planning" implies you have a plan. What is your plan?
    Last edited by rvalstar; 22nd January 2007, 22:25.
    Cheers,

    Rick

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

    Comment


    • #3
      Re: Stupid questions....

      Thanks for the quick reply Rick!

      I thought it best to be honest. I'll be more creative next time!

      Thanks! I try to be correct.

      We need to change the domain admin password as we have had a lot of consultants on site that were given this password by a former employee, and I would like to make sure there isn't any unauthorized access going on.

      Right now, I am in the research phase of the above objective and want to make sure there are no hidden surprises that I should know about. I know there is going to be things that break when we do this, and I'm trying to keep that down to a minimum.

      In any case, I really appreciate your time!

      Thanks!

      sax

      Comment


      • #4
        Re: Stupid questions....

        You should be able to and you should change the domain admin password on a periodic basis. Now, you may find folks hooked services, shares, whatever into that account and password. Make sure you have a new, alternate account in the domain admins group in case numerous tries w/ the old password lock this one out.
        Cheers,

        Rick

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

        Comment


        • #5
          Re: Stupid questions....

          Thanks again for the time, Rick!

          Once I have this completed, I will post back and let everyone know the results. Don't expect to hear back from me soon on this one, I have a hard time getting a maintenance window around here.

          Thanks again!

          sax

          Comment


          • #6
            Re: Stupid questions....

            Don't know your server count but do try to see if services / shares are connected using the domain admin before the password change and DO make that alternate domain admin account. Also, be prepared to roll back to the old password. In other words, make the password change before the beginning of a work day vs. after 5 PM on Friday so you can catch the fallout.
            Last edited by rvalstar; 22nd January 2007, 23:08.
            Cheers,

            Rick

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

            Comment


            • #7
              Re: Stupid questions....

              Good suggestions! Will do!

              Thanks again!

              sax

              Comment


              • #8
                Re: Stupid questions....

                Hi, saxophobe.
                Please notice that whenever you use the Reset Password from the Active Directory Users and Computers, you are changing the password from the management-level, and not from the user-level. This means, that the tokens for the specific user are not replaced as they should be. If you have encrypted files of that user, they will be lost. Unless you backed up the key earlier.
                To backup the EFS PK: http://support.microsoft.com/kb/241201
                I would suggest you read this article: http://technet2.microsoft.com/Window....mspx?mfr=true. It deals with different ways of changing a user's password and the differences between them. I would change the password from within the user, by clicking Alt+Ctrl+Del and clicking the Change Password button.
                Another potential damage is services running under this user's credentials.There can be a lot of them, all over the Enterprise. to know which service on which machine is running under what credentials, I suggest you use Hyena. It has a trial version. Take a look at the attached screenshot.

                Hope this info helped. Good luck.
                Last edited by sorinso; 9th November 2007, 21:08.

                Sorin Solomon


                In order to succeed, your desire for success should be greater than your fear of failure.
                -

                Comment

                Working...
                X