Archive for the ‘Active Directory Password’ category

How to Install Active Directory in Windows Server 2012

November 3rd, 2012 by Admin

Similar to previous versions of Windows Server, there are two steps to install Active Directory: first you add the Active Directory Domain Services role to your computer, then you run the dcpromo command to promote your server to a domain controller. However, in Windows Server 2012, the dcpromo command has been deprecated.

So what replaces dcpromo in Windows Server 2012? There are now two ways to promote your server to a DC: one is through PowerShell and the other is through Server Manager. Here we will show you how to install Active Directory through Server Manager.

This tutorial can be divided into 2 steps. Before installing Active Directory, please assign a static IP address to your server and set a strong password for the built-in administrator account.

Part 1: Install Active Directory Domain Services

  1. Open Server Manager, then click on Add Roles and Features link.
  2. Click Next on the Before you begin window.
  3. Select Role-based or feature-based installation and then click Next.
  4. Click Select a server from the server pool, click the name of the server to install Active Directory Domain Services to, and then click Next.
  5. Click Active Directory Domain Services. When the Add Roles and Features Wizard dialog box opens, select Add Features, then Next.
  6. On the Active Directory Domain Services page, review the information and then click Next.
  7. On the Confirm installation selections page, click Install.
  8. After the installation has completed, the server will restart.

Part 2: Promote the Server to a Domain Controller

Once the above steps are completed and all required features have been installed, it is time to promote the server to a Domain Controller by following the steps below.

  1. Back in Server Manager, you will notice that AD DS has been added to the left navigation tree. Click on it and then click on More on the right navigation pane where it states that Configuration is required for Active Directory Domain Services.
  2. You will now be presented with the All Servers Task Details window, in which you will click on Promote this server to a domain controller under Action.
  3. The Deployment Configuration screen appears and we will select Add a new forest as this is the first domain controller. Enter your Root domain name and then click Next.
  4. On the Domain Controller Options page, select your Forest and Domain functional levels (for this demo we will leave the defaults of Windows Server 2012 for both), enter a desired DSRM Password, and click Next.
  5. On the DNS Options page, click Next.
  6. The NetBIOS domain name will then be inputted automatically. In the event of a conflict, it will suggest an alternative by appending the original name with a 0. Click Next.
  7. On the Paths page, verify the desired locations of the Database, Log files and SYSVOL folders, change the locations if required, and click Next.
  8. On the Review Options page, click Next.
  9. The wizard will perform a Prerequisite check before the installation can continue. After the check is completed successfully click Install.
  10. The server will restart once the configuration has completed. The server is now a domain controller for the newly formed domain. Upon restart, you should be able to log in using your domain administrator account.
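
The PowerShell route mentioned at the top of this post, as an added example that is not part of the original tutorial. It mirrors both wizard parts for a new forest; the domain names are placeholders, the paths are the usual defaults, and it assumes an elevated session on Windows Server 2012.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on Windows Server 2012. Domain names below are placeholders.
$ErrorActionPreference = 'Stop'
$DomainName  = 'corp.example.com'   # placeholder root domain name
$NetbiosName = 'CORP'               # placeholder NetBIOS name

# Prerequisite from the tutorial: the server must not depend on DHCP.
$dhcpNics = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' -and $_.Dhcp -eq 'Enabled' }
if ($dhcpNics) {
    throw "Assign a static IP first. DHCP is enabled on: $($dhcpNics.InterfaceAlias -join ', ')"
}

# Part 1: add the AD DS role (equivalent to the Add Roles and Features wizard).
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw "AD DS role installation failed: $($role.ExitCode)" }

# Part 2: promote to the first DC of a new forest.
# The DSRM password is read as a SecureString so it never appears in the
# script, on the command line, or in the PowerShell history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

Import-Module ADDSDeployment
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'Win2012'
    DomainMode                    = 'Win2012'
    InstallDns                    = $true
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Same prerequisite check the wizard runs before it enables Install.
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; see the messages above.'
}

# Prompts for confirmation, then restarts the server when promotion completes.
Install-ADDSForest @forest
```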

How to Perform Active Directory Offline Defragmentation

October 19th, 2012 by Admin

The Active Directory database tends to become fragmented over time, just like any other database does. Although Windows Server 2008/2003/2000 performs behind-the-scenes online defragmentation periodically, this defragmentation only moves data around the database file (NTDS.DIT) and doesn’t reduce the file’s size – the ntds.dit database file cannot be compacted while Active Directory is online. If you have significantly fewer objects in AD than you had previously, you can shrink the size of the ntds.dit file by performing an offline defragmentation.

Tips: If you forgot the domain administrator password in Active Directory and can’t log on to the domain controller, you can reset/unlock any domain user account password easily with the Reset Windows Password utility.

Performing an offline defragmentation can increase performance; however, the main reason would normally be to free up disk space. Please note that you should back up your database before doing this by copying your ntds.dit to another location.

How to Perform Active Directory Offline Defragmentation?

First, you need to stop the Active Directory Domain Service. You can defrag / compact the ntds.dit database file when AD is not running. It’s not necessary to reboot into Directory Services Restore Mode.

After the services have been stopped, open a Command Prompt on the server, and enter the following commands:
NTDSUTIL
Activate Instance NTDS
Files
Info

At this point, you should see a summary of the files that are used by the Active Directory database. To begin the defragmentation process, enter the following command:
Compact to e:\windows\ntds\temp
The command shown above assumes that you have created a folder named Temp beneath the e:\windows\ntds folder.

When the process completes, you need to do what it says and copy the defragged database from e:\windows\ntds\temp\ntds.dit to e:\windows\ntds\ntds.dit.

Finally, restart the Active Directory Domain Services (the dependency services will restart automatically). You now have a smaller and better performing Active Directory.
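
The whole procedure as one script, added here as an example that is not part of the original post. It assumes Windows Server 2008 or later (where AD DS is a restartable service named NTDS), an elevated session, and the tutorial's e:\windows\ntds paths; the backup folder name is hypothetical.

```powershell
# Added example, not from the original post. Assumes Windows Server 2008+,
# an elevated session, and the paths used in the tutorial.
$ErrorActionPreference = 'Stop'
$NtdsDir   = 'E:\Windows\NTDS'
$TempDir   = Join-Path $NtdsDir 'Temp'
$BackupDir = 'E:\NtdsBackup'          # hypothetical location for the safety copy
$Dit       = Join-Path $NtdsDir 'ntds.dit'

New-Item -ItemType Directory -Path $TempDir, $BackupDir -Force | Out-Null

# The compacted copy needs roughly as much free space as the current database.
$free = (Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='E:'").FreeSpace
if ($free -lt 2 * (Get-Item $Dit).Length) {
    throw 'Not enough free space on E: for a backup copy plus the compacted copy.'
}

# -Force also stops the services that depend on AD DS.
Stop-Service -Name NTDS -Force
try {
    # Safety copy of the database, logs and checkpoint file (files only).
    Get-ChildItem $NtdsDir | Where-Object { -not $_.PSIsContainer } |
        Copy-Item -Destination $BackupDir -Force
    $before = (Get-Item $Dit).Length

    # Same commands as typed interactively above, passed as arguments.
    & ntdsutil.exe 'activate instance ntds' files "compact to $TempDir" quit quit
    $compacted = Join-Path $TempDir 'ntds.dit'
    if (-not (Test-Path $compacted)) {
        throw 'Compaction produced no file; the original database is untouched.'
    }

    # Follow ntdsutil's instructions: replace the database, remove the old logs.
    Copy-Item $compacted $Dit -Force
    Remove-Item (Join-Path $NtdsDir '*.log')

    # Review this output before relying on the DC. If it reports errors,
    # stop NTDS again and copy the files back from $BackupDir.
    & ntdsutil.exe 'activate instance ntds' files integrity quit quit

    $after = (Get-Item $Dit).Length
    '{0:N0} MB -> {1:N0} MB' -f ($before / 1MB), ($after / 1MB)
}
finally {
    # Always bring AD DS back, even if a step above failed.
    Start-Service -Name NTDS
}
```

The files in the backup folder are a full copy of the directory database, password hashes included, so restrict access to that folder and delete it once the DC is confirmed healthy.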

How to Backup Windows Server 2008 Active Directory

October 19th, 2012 by Admin

Backing up Active Directory is essential to maintain an Active Directory database. A system state backup is particularly important for disaster recovery purposes in case of an accidental corruption or deletion of Active Directory objects. Since Windows Server 2008, you won’t find the well-known ntbackup.exe, the native backup tool in previous Windows versions. Instead, you use Windows Server Backup, the new native backup solution, which is available as an installation option in all versions of Server 2008.

Tips: If you forgot the domain administrator password in Active Directory and can’t log on to the domain controller, you can reset/unlock any domain user account password easily with the Reset Windows Password utility.

In this tutorial we’re going to demonstrate the steps of backing up Windows Server 2008 Active Directory. To get started, you need to install Windows Server Backup from the Server Manager, so you can then use it to perform a system state backup.

Part 1: Install Windows Server Backup

  1. Go to the Start menu, select Administrative Tools, and click on Server Manager.
  2. Under Server Manager window, click on the Add Features link from the features summary section.
  3. Select the Windows Server Backup Features, and then click on Next. The Command-line Tools allows you to perform a DC backup and recovery from the command line.
  4. Click on Install to complete the installation.

Part 2: Backup Windows Server 2008 Active Directory

Now that we have Windows Server Backup installed, let’s perform our first backup of Active Directory in Windows Server 2008.

  1. Go to Start menu, and then select Administrative Tools, click on Windows Server Backup.
  2. Select the Backup Once option to perform an immediate backup.
  3. It will bring up the Backup Once Wizard, select Different Options and then click Next.
  4. If you want to perform a full backup of your server, click on the Full server option. Now we’re going to perform a system state backup, so we choose the Custom option.
  5. In the next window, you can customize the items you want to backup.
  6. Click on Add Items button, check the System state option from the list. You can also choose to backup the entire NTFS volume on your computer.
  7. Specify the destination type for your backup. A system-state backup can’t be performed directly to a network share so we have to choose the Local drives.
  8. Next, select a volume to store the backup. Windows Server Backup requires you to provide a separate target volume for the backup data. On a single-volume server, you may need to shrink the existing partition to create a volume dedicated solely to backup data.
  9. In the next window, confirm the options you have selected and then click on Backup.

If you want to script the backup process, or if you are backing up a server on a Server Core installation, you can use the WBADMIN.EXE command-line program. WBADMIN provides a complete set of options that perform essentially the same functions as the MMC snap-in, including performing a system state backup.
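
A scripted system state backup with WBADMIN, added here as an example that is not part of the original post. The target drive letter and the free-space threshold are assumptions; the checks reflect steps 7 and 8 above (a local volume, separate from the system volume).

```powershell
# Added example, not from the original post. Run elevated on the DC.
$ErrorActionPreference = 'Stop'
$Target    = 'E:'   # assumed dedicated local backup volume
$MinFreeGB = 20     # assumed headroom; size it to your own system state

# Step 7/8 of the wizard, enforced in script: local fixed disk, not the OS volume.
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Target'"
if (-not $disk -or $disk.DriveType -ne 3) {
    throw "$Target is not a local fixed volume."
}
if ($Target -eq $env:SystemDrive) {
    throw "$Target is the system volume; use a separate backup volume."
}
if ($disk.FreeSpace -lt $MinFreeGB * 1GB) {
    throw "$Target has less than $MinFreeGB GB free."
}

# -quiet suppresses the interactive confirmation so the script can be scheduled.
& wbadmin.exe start systemstatebackup "-backupTarget:$Target" -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin reported failure (exit code $LASTEXITCODE)."
}

# Confirm the new backup version is listed on the target.
& wbadmin.exe get versions "-backupTarget:$Target"
```

A system state backup of a DC contains ntds.dit, so the backup volume needs the same access restrictions as the domain controller itself.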

How to Access the Directory Services Restore Mode on a Remote DC

October 15th, 2012 by Admin

When Active Directory (AD) isn’t working, the steps you’d typically follow would be to boot into Directory Services Restore Mode (DSRM) for repairing or recovering Active Directory. To access Directory Services Restore Mode, you typically press F8 prior to the machine booting into Windows, then select the Directory Services Restore Mode option from the menu that appears.

Tips: If you forgot the DSRM password or the domain admin password, you can reset the forgotten password easily with the Reset Windows Password utility.

Sometimes, however, you need to fix a problematic DC in a remote location, and nobody is close enough to troubleshoot it. Obviously, you can’t boot the domain controller into DSRM as usual. In this tutorial we’ll show you how to access Directory Services Restore Mode on a remote DC.

How to Access Directory Services Restore Mode on a Remote DC?

  1. On your machine, select Run from the Start menu, type Mstsc /console, and click OK.
  2. Type the IP address of the remote domain controller you want to connect to.
  3. Log on to the server using the Active Directory account.
  4. On the DC, right-click My Computer, click Properties, and then click the Advanced tab.
  5. Click Settings for startup and recovery.
  6. Click the Edit button to edit the startup options file.
  7. Modify the default entry to include the /SAFEBOOT:DSREPAIR switch, as shown in the following example:
     multi(0)disk(0)rdisk(0)partition(2)\WINNT="W2K DC \\ your server name " /fastdetect /SAFEBOOT:DSREPAIR
  8. Save the modified Boot.ini file, and then close Notepad.
  9. Restart the domain controller.
  10. After waiting a few minutes, perform steps 1 and 2 again.
  11. When you reconnect, the server should state that it’s in Directory Services Restore Mode. Log on using the Local Administrator account (not the Active Directory account).

Once you have restarted the server in Directory Services Restore Mode, you are ready to begin the repairing or recovery process.

How to Reset Lost 2008 Active Directory Admin Password

October 11th, 2012 by Admin

We have a few customers who have forgotten their AD Administrator password on their Windows 2008 server. Is there really any way to recover it? I know it’s possible to reset your Windows 7, XP and Vista password. But is it possible to get the AD administrator password on a 2008 server? I hope we can avoid a re-install. Cheers.

Lost or forgot the administrator password on Active Directory 2008? There isn’t any efficient way to recover the password as Active Directory encrypts the password using some very strong encryption algorithms. But you can reset or replace the forgotten password easily. Today’s tutorial will be covering a technique that will allow you to reset your lost 2008 Active Directory Administrator Password.

How to Reset Lost 2008 Active Directory Admin Password?

  1. Download and install Password Recovery Bundle on another computer that you can log in to.
  2. Prepare a blank CD and insert it into the computer.
  3. Launch Password Recovery Bundle and click on the Windows Password button. It will display the ISO burning dialog.
  4. Choose the CD you’ve inserted and then click on the Start Burn button to create a Live CD.
  5. After you have the Live CD, put it into the CD drive of your Active Directory server whose password you want to reset.
  6. Turn on the Active Directory server and have it boot from the Live CD. You may need to go into BIOS and set CD/DVD as the first boot device.
  7. After booting from the Live CD, it will load the Windows PE operating system inside the Live CD and start the Reset Windows Password program.

  8. Choose the Active Directory NTDS.dit database. It will display a list of domain user accounts inside the NTDS.dit database.
  9. Choose the administrator account from the list, then click on the Reset Password button. The program will replace the forgotten/unknown administrator password with a new password: Password123.

Take out the Live CD and reboot the Windows 2008 server. You can then log in to your domain administrator account with your new password. With the Live CD you can also reset a lost admin password on Windows 8, 7, Vista, XP.

How to Break Domain Controller Password without Logging In

October 4th, 2012 by Admin

Forgot the domain administrator password and can’t log on to your domain controller? This is one of the most common password problems that network administrators and system administrators face when dealing with a domain controller. Here we’ll show you an easy way to break a domain controller password quickly and easily.

Reset Windows Password is a powerful utility which enables you to break a domain controller password on Windows Server 2008/2003/2000. This utility works offline, which means you need to shut down your computer and boot it from a CD or USB stick.

How does this software work?

Windows Active Directory stores the domain user passwords and other account information in a file called NTDS.dit. This file can usually be found in the \windows\ntds folder. It is part of the Active Directory database and remains inaccessible as long as the domain controller is running. Hence, you need to boot the computer from the boot disk and access the NTDS.dit file from there. The tool then accesses this file and resets/changes the password associated with the administrator or any other domain user account.

How to break domain controller password without logging in?

The steps involve burning a Live CD on another accessible computer, and then booting your domain controller with the Live CD so you can break the domain controller password without even logging in.

  1. Download the Reset Windows Password utility. Unzip the download file and you’ll get a ResetWindowsPwd.iso file.
  2. Burn the ISO image file to a blank CD using any burning program (we recommend BurnCDCC) that can burn ISO images.
  3. After you have the Live CD, use it to boot the domain controller whose password you want to break. You’ll see that the computer will load some files from the Live CD and launch the Reset Windows Password utility.
  4. Click on the Reset Active Directory Password option, then choose the Active Directory ntds.dit database file from the drop-down list. It will display the domain user accounts and you can find which account is password-protected, locked out or disabled.
  5. Choose a user account and then click on the Reset Password button. It will break your domain account and change the forgotten/unknown password to a new one: Password123.
  6. Now remove the Live CD and restart the computer. You can then log in to your domain user account with the new password.

You can also use the Live CD to reset local admin/user passwords on Windows Server 2008/2003/2000 and Windows 8/7/Vista/XP. It’s a must-have Live CD for network administrators and system administrators.

How to Reset Forgotten Directory Services Restore Mode Password in Active Directory

September 29th, 2012 by Admin

Certain tasks in Active Directory require that you start the domain controller without Active Directory running. These include restoring the database from backup, moving the database, and performing an offline defragmentation of the database. When you start the domain controller and Active Directory is not running, you must log on as the Directory Services Restore Mode (DSRM) account. The password for this account is set when you install Active Directory. The problem is, many people set this password weeks or months ago, and when it comes time to use it, they can’t remember what it is. Does this sound familiar?

Here we’ll show you an easy way to reset forgotten Directory Services Restore Mode password in Active Directory 2008/2003/2000. Reset Windows Password utility can run on a CD or USB flash drive and help you remove Directory Services Restore Mode password without logging in to Active Directory.

How to Reset Forgotten Directory Services Restore Mode Password in Active Directory?

  1. Download the Reset Windows Password utility. Unzip the download file and you’ll get a ResetWindowsPwd.iso file.
  2. Burn the ISO image file to a blank CD using any burning program (we recommend BurnCDCC) that can burn ISO images.
  3. After you have the Live CD, use it to boot the domain controller whose password you want to reset. You’ll see that the computer will load some files from the Live CD and launch the Reset Windows Password utility.

  4. Click on the Reset Local Admin/User Password option, then choose the Windows SAM database from the drop-down list. It will display the local user accounts and you can find which account is password-protected.
  5. Choose the administrator account and then click on the Reset Password button. It will blank your Directory Services Restore Mode password immediately.
  6. Now remove the Live CD and restart the computer. You can then log in to the Directory Services Restore Mode (DSRM) account with a blank password.

As shown in the steps above, you can also click the Reset Active Directory Password option to unlock your domain user password if you forgot the domain admin/user password.

How to Recover Active Directory Password with A Live CD

September 29th, 2012 by Admin

Forgetting the Active Directory password is one of the most annoying things for network administrators in medium to large organizations. If the domain controller is very important for your company, then you have to find some other way to recover the Active Directory password than formatting and reinstalling the server. There are many excellent Windows password recovery programs available on the internet, but none of them are able to recover an Active Directory password.

The Active Directory password is encrypted and stored in the NTDS.dit database. Once you’ve forgotten the password, you have no access to any of your computer files. So we need to create a Live CD and use it to boot your domain controller to perform password recovery. Password Recovery Bundle is the only software you need in this tutorial.

How to Recover Active Directory Password with A Live CD?

  1. Download and install Password Recovery Bundle on another computer that you can log in to.
  2. Prepare a blank CD and insert it into the computer.
  3. Launch Password Recovery Bundle and click on the Windows Password button. It will display the ISO burning dialog.
  4. Choose the CD you’ve inserted and then click on the Start Burn button to create a Live CD.
  5. After you have the Live CD, put it into the CD drive of your domain controller whose password you want to recover.
  6. Turn on the domain controller and have it boot from the Live CD. You may need to go into BIOS and set CD/DVD as the first boot device.
  7. After booting from the Live CD, it will load the Windows PE operating system inside the Live CD and start the Reset Windows Password program.

  8. Choose the Active Directory NTDS.dit database. It will display a list of domain user accounts inside the NTDS.dit database.
  9. Choose a domain user account from the list, then click on the Reset Password button. The program will replace the forgotten/unknown password with a new password: Password123.

Remove the Live CD and restart the domain controller. You can then log in to your Active Directory user account and recover access to all data and files on your domain controller. The Active Directory password recovery procedure is simple and fast! No need to spend a lot of time rebuilding your server.