Reset Domain Administrator Password
Today I encountered a situation where I had to do some administrative work on a server for which no one knew the domain administrator password. The following are the steps I used to reset the domain administrator password; I have tried to make them as foolproof as possible. This was performed on Microsoft Windows Server 2003 but will also work on Server 2008.
The only two things you need to reset the domain admin password are the local administrator password (which can also easily be reset, but that is another post) and two files that are part of the Microsoft Windows Server 2003 Resource Kit Tools.
First, prepare the two files you will need from the resource kit. Download the resource kit, install the toolkit, and copy the files srvany.exe and instsrv.exe to a folder named "temp" on a thumb drive or CD. Then boot the domain controller into Directory Services Restore Mode. This can be done by pressing F8 at bootup, the same as if you were entering safe mode. Next, copy the temp folder containing srvany.exe and instsrv.exe to the root of the C: drive, so that it becomes C:\temp.
Then go to Run, type CMD and hit enter. (Note: I will put each command between dashes – example command – so you know exactly what to type; do not include the dashes when typing.) Type – cd.. – and hit enter, and repeat this until the prompt shows C:\. Type – cd temp – and hit enter, then type – instsrv PassRecovery "C:\temp\srvany.exe" – and hit enter.
After receiving the notice that the previous task completed, you can close the command prompt. Go to Run, type regedit and hit enter. Go to HKLM>System>CurrentControlSet>Services>PassRecovery. Create a new subkey called Parameters by right-clicking on PassRecovery and selecting New > Key. Add two new string values to this new subkey. The first will be called Application and its value will be c:\temp\cmd.exe. The second will be called AppParameters and its value will be – /k net user administrator yourP@ssword1 /domain – (remember not to include the dashes). Replace yourP@ssword1 with a password that is compliant with your domain policy. The next step is to copy cmd.exe from C:\windows\system32 to C:\temp. The final step is to go to Run, type services.msc and hit enter. Look for PassRecovery and open its properties. Ensure that the service's startup type is set to Automatic.
Restart the computer normally and log in with your new credentials. The only step left is to clean up the new service. Go to Run, type cmd and hit enter. Type – net stop PassRecovery – and hit enter. Then type – sc delete PassRecovery – and hit enter. The only thing left is to delete the C:\temp folder that you copied onto the drive.
For those who like to understand exactly what we did, here is a brief explanation. The instsrv.exe utility installs a service. The srvany.exe utility allows you to run an application as a service. Running srvany.exe as a service at startup allows you to execute the "net user" command with the system credentials.
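Until the cleanup step is done, the AppParameters value keeps the new password in clear text in the registry, and a SYSTEM service that runs cmd.exe at every boot stays installed. The following added example (not part of the original post) audits the text output of reg query HKLM\SYSTEM\CurrentControlSet\Services /s for srvany-wrapped services like the one created above. The sample input is constructed, and the parser assumes whitespace-separated name, type and data columns.

```python
import re

# Constructed sample in the layout printed by
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PassRecovery
    Start    REG_DWORD    0x2
    ImagePath    REG_EXPAND_SZ    C:\temp\srvany.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PassRecovery\Parameters
    Application    REG_SZ    c:\temp\cmd.exe
    AppParameters    REG_SZ    /k net user administrator yourP@ssword1 /domain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    Start    REG_DWORD    0x2
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\spoolsv.exe
"""

VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")
SHELLS = ("cmd.exe", "powershell.exe")
ACCOUNT_CMD = re.compile(r"\bnet1?(\.exe)?\s+(user|group|localgroup)\b", re.I)

def parse(text):
    """Return {lower-cased key path: {lower-cased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1).lower()] = m.group(3).strip()
    return keys

def audit(text):
    """Map each srvany-wrapped service (lower-cased name) to review reasons."""
    keys, findings = parse(text), {}
    for path, values in keys.items():
        if "srvany.exe" not in values.get("imagepath", "").lower():
            continue
        params = keys.get(path + "\\parameters", {})
        reasons = ["srvany wrapper"]
        if values.get("start") == "0x2":
            reasons.append("starts automatically at boot")
        if params.get("application", "").lower().endswith(SHELLS):
            reasons.append("runs a command shell")
        if ACCOUNT_CMD.search(params.get("appparameters", "")):
            reasons.append("account command, possible cleartext password")
        findings[path.rsplit("\\", 1)[-1]] = reasons
    return findings

if __name__ == "__main__":
    for service, reasons in audit(SAMPLE).items():
        print(f"{service}: {'; '.join(reasons)}")
```

An empty result after running – sc delete PassRecovery – confirms that the service key, and the password stored in it, are gone.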