Options
Domain Admin Password...
I've never had to change a domain admin password before, but I do know it needs to be changed in different locations.
Does anyone know exactly which locations I would have to change it in??
Does anyone know exactly which locations I would have to change it in??
Comments
-
Options
meadIT
Member Posts: 581 ■■■■□□□□□□
What do you mean by domain password? If you mean the password you enter to add a DC to a domain, stuff like that, you're probably looking for the Domain Admins password. There could be many accounts and many different users with that authority. Check ADUC under the Domain Admins group.CERTS: VCDX #110 / VCAP-DCA #500 (v5 & 4) / VCAP-DCD #10(v5 & 4) / VCP 5 & 4 / EMCISA / MCSE 2003 / MCTS: Vista / CCNA / CCENT / Security+ / Network+ / Project+ / CIW Database Design Specialist, Professional, Associate -
Options
arwes
Member Posts: 633 ■■■□□□□□□□
ADUC, go the OU containing the account you need to reset. Right click, and reset password. Well, that's the way I do it anyways. Unless I'm reading your post wrong.[size=-2]Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
Working on: Waiting on the mailman to bring me a diploma
What's left: Graduation![/size] -
OptionsmeadIT
Member Posts: 581 ■■■■□□□□□□
FadeToBright wrote: »Last edited by FadeToBright; Today at 11:36 AM.
There you go editing to clarify your posts while I'm replying again.
CERTS: VCDX #110 / VCAP-DCA #500 (v5 & 4) / VCAP-DCD #10(v5 & 4) / VCP 5 & 4 / EMCISA / MCSE 2003 / MCTS: Vista / CCNA / CCENT / Security+ / Network+ / Project+ / CIW Database Design Specialist, Professional, Associate -
Options
HeroPsycho
Inactive Imported Users Posts: 1,940
Before you do it, I would highly recommend you verify no critical apps are using the account as a Service account. You can do that easily via a script.
Also, make sure you have an additional account with the same rights in case that account gets locked because someone logged into an RDP session or something with that password with drives mapped, and causes the account to get locked.Good luck to all! -
Options
vCole
Member Posts: 1,573 ■■■■■■■□□□
HeroPsycho wrote: »Before you do it, I would highly recommend you verify no critical apps are using the account as a Service account. You can do that easily via a script.
Also, make sure you have an additional account with the same rights in case that account gets locked because someone logged into an RDP session or something with that password with drives mapped, and causes the account to get locked.
How would I do this with a script?? -
Options
Claymoore
Member Posts: 1,637
Here is a link to a Powershell script that will check a list of servers (just export a list from ADUC) for any non-standard service accounts:
Finding Services Using non-System Accounts With PowerShell - Michael's meanderings...
I thought a had a simpler version from the 2008 Security ResKit that I modified to output to a text file, but it must be on a flash drive at home somewhere. I'll post it if I find it tonight. -
Options
Ahriakin
Member Posts: 1,799 ■■■■■■■■□□
Also verify you are not using EFS encrypted files for the admin. If so change the password while you are logged in to that account. Doing a reset from ADUC will break your encryption key store access.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
