Domain Admin Password...

vColevCole Member Posts: 1,573 ■■■■■■■□□□
I've never had to change a domain admin password before, but I do know it needs to be changed in different locations.


Does anyone know exactly which locations I would have to change it in?? icon_redface.gif

Comments

  • meadITmeadIT Member Posts: 581 ■■■■□□□□□□
    What do you mean by domain password? If you mean the password you enter to add a DC to a domain, stuff like that, you're probably looking for the Domain Admins password. There could be many accounts and many different users with that authority. Check ADUC under the Domain Admins group.
    CERTS: VCDX #110 / VCAP-DCA #500 (v5 & 4) / VCAP-DCD #10(v5 & 4) / VCP 5 & 4 / EMCISA / MCSE 2003 / MCTS: Vista / CCNA / CCENT / Security+ / Network+ / Project+ / CIW Database Design Specialist, Professional, Associate
  • arwesarwes Member Posts: 633 ■■■□□□□□□□
    ADUC, go the OU containing the account you need to reset. Right click, and reset password. Well, that's the way I do it anyways. Unless I'm reading your post wrong.
    [size=-2]Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
    Working on: Waiting on the mailman to bring me a diploma
    What's left: Graduation![/size]
  • meadITmeadIT Member Posts: 581 ■■■■□□□□□□
    Last edited by FadeToBright; Today at 11:36 AM.

    There you go editing to clarify your posts while I'm replying again. icon_razz.gif
    CERTS: VCDX #110 / VCAP-DCA #500 (v5 & 4) / VCAP-DCD #10(v5 & 4) / VCP 5 & 4 / EMCISA / MCSE 2003 / MCTS: Vista / CCNA / CCENT / Security+ / Network+ / Project+ / CIW Database Design Specialist, Professional, Associate
  • HeroPsychoHeroPsycho Inactive Imported Users Posts: 1,940
    Before you do it, I would highly recommend you verify no critical apps are using the account as a Service account. You can do that easily via a script.

    Also, make sure you have an additional account with the same rights in case that account gets locked because someone logged into an RDP session or something with that password with drives mapped, and causes the account to get locked.
    Good luck to all!
  • vColevCole Member Posts: 1,573 ■■■■■■■□□□
    HeroPsycho wrote: »
    Before you do it, I would highly recommend you verify no critical apps are using the account as a Service account. You can do that easily via a script.

    Also, make sure you have an additional account with the same rights in case that account gets locked because someone logged into an RDP session or something with that password with drives mapped, and causes the account to get locked.


    How would I do this with a script??
  • HeroPsychoHeroPsycho Inactive Imported Users Posts: 1,940
  • vColevCole Member Posts: 1,573 ■■■■■■■□□□
  • ClaymooreClaymoore Member Posts: 1,637
    Here is a link to a Powershell script that will check a list of servers (just export a list from ADUC) for any non-standard service accounts:
    Finding Services Using non-System Accounts With PowerShell - Michael's meanderings...

    I thought a had a simpler version from the 2008 Security ResKit that I modified to output to a text file, but it must be on a flash drive at home somewhere. I'll post it if I find it tonight.
  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Also verify you are not using EFS encrypted files for the admin. If so change the password while you are logged in to that account. Doing a reset from ADUC will break your encryption key store access.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
Sign In or Register to comment.