Archive for the ‘Active Directory Password’ category

Forgot Domain Administrator Password on Windows Server 2008

January 10th, 2013 by Admin

We are taking over a new company and nobody knows the administrator password to log on the Windows Server 2008 domain controller, we try with few users to see if they were administrator in the domain with no luck. no way to contact the person that set it up. Is there a way that we can change or reset the password? Thanks in advance.

I think it is a fairly common occurrence these days that IT Administrators forget the password of a domain controller after they have got back from a vacation or there has just been a situation where the previous system admin has left without leaving the server password.

There are lot of different Windows password recovery utilities that are available on the web. Some open source and some paid ones and it can get a bit confusing when deciding which one to go with.

There is one utility that you can rely on and believe it works on all Windows Server OS, including Windows Server 2012/2008/2003/2000. This is called Reset Windows Password. Once you have downloaded the ISO image, burn it on a CD and then boot the server of it. Resetting forgotten domain administrator password for a domain controller is a 2-step procedure.

How to Reset Forgotten Domain Administrator Password on Windows Server 2008?

First, you will need to download the Reset Windows Password utility on any PC that you can access. This can be your work PC, or a friend or your co-worker’s computer. After the download is complete, unzip the download file and you’ll get the ResetWindowsPwd.iso file.

Burn the ResetWindowsPwd.iso file to a CD using your preferred CD Burning software. If you don’t have one, you can use the freeware such as ImgBurn or ISO2Disc. If your domain controller doesn’t come with a CD/DVD-ROM, you can choose to burn the ISO image to a USB flash drive using ISO2Disc.

Put the CD into the CD drive of your domain controller, then change the boot order in BIOS to set the computer to boot from CD. Once the computer has booted, it will load the OS inside the CD drive and launch the Reset Windows Password utility.

Choose the Reset Active Directory Password option, the program will locate the ntds.dit file which is used to stored domain user login details on your domain controller.

Choose the domain administrator account and then click on Reset Password button, the program will change the forgotten/unknown password to Password123 by default, and also unlock/enable the account in case it is locked out or disabled.

The last step is remove the CD and restart the domain controller, you’ll be able to log in to your Windows Server 2008 using the domain administrator account. This is it!! You have successfully hacked your own server.

Comments Off on Forgot Domain Administrator Password on Windows Server 2008 »

Posted in Active Directory Password, Tips & Tricks

Tags: forgot domain administrator password reset domain administrator password windows server 2008

How to Reset a Forgotten Administrator Password on a Domain Controller

November 27th, 2012 by Admin

Network administrators change the administrator account password often to provide an extra level of protection for the account. The administrator account is a target for hackers, because it has complete control over the network. But frequently changing the administrator password can also cause losing it easier. What to do if you forgot the administrator password on a domain controller?

In this tutorial we’ll demonstrate how to reset a forgotten administrator password on a Windows Server 2010/2008/2003/2000 domain controller, if you forgot the administrator password and can’t login using any other alternative administrative accounts.

How to Reset a Forgotten Administrator Password on a Domain Controller?

Download and install Password Recovery Bundle on another computer that you can log in.
Prepare a blank CD and insert it into the computer.
Launch Password Recovery Bundle and click on Windows Password button, it will display a password reset bootdisk creating dialog.
Choose the CD you’ve plugged in and then click on Start Burn button to create a Live CD.
After you have the Live CD, put it into the CD drive of your domain controller.
Turn on the server and have it boot from the Live CD. You may need to go into BIOS and set CD/DVD as the first boot device.
After booting from the Live CD, it will load the Windows PE operating system inside the Live CD and start the Reset Windows Password program.
Choose the Active Directory NTDS.dit database, it will display a list of domain user accounts inside the NTDS.dit database.
Choose the administrator account from the list, then click on Reset Password button, the program will replace the forgotten/unknown administrator password with the new password: Password123.

Reject the Live CD and reboot the domain controller, you can then log in to the administrator account with the new password. No need to format the hard drive and re-install your domain controller.

Comments Off on How to Reset a Forgotten Administrator Password on a Domain Controller »

Posted in Active Directory Password, Tips & Tricks

Tags: domain controller forgot administrator password on domain controller reset administrator password on domain controller reset forgotten administrator password

How to Recover Windows Server 2012 Administrator Password

November 17th, 2012 by Admin

I forgot the administrator password on my Windows Server 2012, and I have been locked for a few days. Now I need to get into my server and get my job done. I have try many free and paid programs to recover Windows Server 2012 administrator password, but none of them really work. Is there any way to recover or reset my forgotten password?

If you have only one administrator account on Windows Server 2012 and you forgot the password, you’re in a tough spot, and your options are limited. You may be able to recover your password with a hint or a recovery key, but if neither of those works, you may think that you’re generally left with having to rebuild your PC from scratch.

Actually, with Reset Windows Password utility you can easily remove forgotten local administrator and domain administrator passwords on Windows Server 2012. This software will allow you to reset your password in a secure fashion without losing any information on your PC.

How to Recover Windows Server 2012 Administrator Password?

Download the zip archive of Reset Windows Password utility. Unzip it and burn the ISO image to a blank CD or USB stick.
Insert the CD or USB stick into your locked computer and let your computer boot from it.
After a while the bootdisk will launch the Reset Windows Password utility, which shows all Windows user accounts available for your Windows installation. By default the Reset Local Admin/User Password option will be selected, the program will display a list of Windows local user accounts. If you want to reset domain administrator password, please choose the Reset Active Directory Password option.
Choose the administrator account whose password you forgot, then click Reset Password button. The program will quickly reset the unknown/forgotten password as well as unlock the user account if it is disabled or locked out.

Now you’ve reset the forgotten Windows Server 2012 administrator password. You can then successfully login and regain full control over your server. With this password reset CD/USB, you’ll never be bothered by a forgotten Windows Server 2012 password!

Comments Off on How to Recover Windows Server 2012 Administrator Password »

Posted in Active Directory Password, Tips & Tricks

Tags: forgot windows server 2012 password recover windows administrator password recover windows server 2012 password Windows Server 2012 windows server 2012 password recovery

How to Crack Active Directory Password

November 7th, 2012 by Admin

The bane of an system/network administrator’s life is when Active Directory administrator passwords are lost or simply forgotten. For the unprepared, losing an admin password can cause extensive disruption to work flow and even business processes. Here I’m going to explain the various approaches that can be taken when faced with this problem.

There are essentially two approaches to recovering Active Directory passwords: cracking by brute force and resetting passwords. Various tools exist for both approaches. The brute force approach involves a dictionary attack against the Active Directory database (ntds.dit). There are many best well-known password cracker tools available on the net, which could be used to crack Windows local admin/user password, but they are unable to extract password hash from Active Directory database. So they are useless when you forgot Active Directory password.

However, you can easily reset the Active Directory password you’ve lost. Using a Live CD is the only option to access the Active Directory database offline so you can reset the password hash for a given Active Directory user account. Password Recovery Bundle is the right software which can help you reset Active Directory admin/user passwords quickly and easily.

Just launch Password Recovery Bundle and click on the Windows Password button, it allows you to create a Live CD/USB which can be used to boot your domain controller and reset your lost Active Directory password in just a few mouse clicks!

Comments Off on How to Crack Active Directory Password »

Posted in Active Directory Password, Tips & Tricks

Tags: crack Active Directory password forgot active directory password recover Active Directory password

How to Reset Lost Domain Admin Password in Windows Server 2012

November 3rd, 2012 by Admin

In my previous post I’ve shown you how to install Active Directory in Windows Server 2012. During the procedure of promoting your server to a domain controller, you’ll be prompted to set a strong password for the administrator account in case the password is blank. What to do if you forgot the domain administrator password after installation?

As system/network administrator, you are usually confronted with the problem of forgetting domain admin password. Even if you don’t have to reset a password now, you should get acquainted with this issue. In this tutorial we’ll show you the easiest way to reset a lost domain administrator password in Windows Server 2012.

How to Reset Lost Domain Admin Password in Windows Server 2012?

Download and install Password Recovery Bundle on another computer that you can log in.
Prepare a blank CD and insert it into the computer.
Launch Password Recovery Bundle and click on Windows Password button, it will display the ISO burning dialog.
Choose the CD you’ve plugged in and then click on Start Burn button to create a Live CD.
After you have the Live CD, put it into the CD drive of your locked server PC whose password you want to reset.
Turn on the server and have it boot from the Live CD. You may need to go into BIOS and set CD/DVD as the first boot device.
After booting from the Live CD, it will load the Windows PE operating system inside the Live CD and start the Reset Windows Password program.
Choose the Active Directory NTDS.dit database, it will display a list of domain user accounts inside the NTDS.dit database.
Choose the administrator account from the list, then click on Reset Password button, the program will replace the forgotten/unknown administrator password with the new password: Password123.

Reject the Live CD and restart the server. You can then log in to the domain administrator account with the new password. It’s so easy to reset a lost domain admin password in Windows Server 2012!

Comments Off on How to Reset Lost Domain Admin Password in Windows Server 2012 »

Posted in Active Directory Password, Tips & Tricks

Tags: forgot domain administrator password lost domain administrator password reset domain admin password reset domain administrator password Windows Server 2012

How to Install Active Directory in Windows Server 2012

November 3rd, 2012 by Admin

Similar to previous versions of Windows Server, there are two steps to install Active Directory: First you need to add the Active Directory Domain Services Role to your computer, then run the dcpromo commmand to promote your server to a domain controller. However, in Windows Server 2012, the dcpromo command has been deprecated.

So what replaces dcpromo in Windows Server 2012? There are now two ways to promote your server to a DC: One, through PowerShell and other is Server Manager. Here we will show you how to install Active Directory through Server Manager.

This tutorial can be divided into 2 steps. Before installing Active Directory, please assign a static IP address to your server and set a strong password for the built-in administrator account.

Part 1: Install Active Directory Domain Services

Open Server Manager, then click on Add Roles and Features link.
Click Next on the Before you begin window.
Select Role-based or feature-based installation and then click Next.
Click Select a server from the server pool, click the name of the server to install Active Directory Domain Services to, and then click Next.
Click Active Directory Domain Services. When the Add Roles and Features Wizard dialog box opens, select Add Features, then Next.
On the Active Directory Domain Services page, review the information and then click Next.
On the Confirm installation selections page, click Install.
After the installation has completed, the server will restart.

Part 2: Promote the Server to a Domain Controller

Once above step is completed and all required features have been installed, now is the time to promote the server to a Domain Controller by following the below steps.

Back in Server Manager, you will notice that AD DS has been added to the left navigation tree. Click on it and then click on More on the right navigation pane where it states that Configuration is required for Active Directory Domain Services.
You will now be presented with the All Servers Task Details window, in which you will click on Promote this server to a domain controller under Action.
The Deployment Configuration screen appears and we will select Add a new forest as this is the first domain controller. Enter your Root domain name and then click Next.
On the Domain Controller Options page select your Forest and Domain functional levels, for this demo will leave the defaults of Windows Server 2012 for both, Enter a desired DSRM Password, click Next.
On the DNS Options page, click Next.
The NetBIOS domain name will then be inputted automatically. In the event of a conflict, it will suggest an alternative by appending the original name with a 0. Click Next.
On the Paths page verify the desired locations of the Database, Log files and SYSVOL folders, change the locations is required, click Next.
On the Review Options page, click Next.
The wizard will perform a Prerequisite check before the installation can continue. After the check is completed successfully click Install.
The server will restart once the configuration has completed, the server is now a domain controller for the newly formed domain. Upon restart, you should be able to login using your domain administrator account.

Comments Off on How to Install Active Directory in Windows Server 2012 »

Posted in Active Directory Password, Tips & Tricks

Tags: dcpromo install active directory Windows Server 2012

How to Perform Active Directory Offline Defragmentation

October 19th, 2012 by Admin

The Active Directory database tends to become fragmented over time, just like any other database does. Although Windows Server 2008/2003/2000 performs behind-the-scenes online defragmentation periodically, this defragmentation only moves data around the database file (NTDS.DIT) and doesn’t reduce the file’s size – the ntds.dit database file cannot be compacted while Active Directory is online. If you have significantly fewer objects in AD than you had previously, you can shrink the size of the ntds.dit file by performing an offline defragmentation.

Tips: If you forgot domain administrator password in Active Directory and can’t log on the domain controller, you can reset/unlock any domain user account passwords easily with Reset Windows Password utility.

Performing an offline defragmentation can increase performance, however, the main reason would normally be to free up disk space. Please note, you should backup your database before doing this by copying your ntds.dit to another location.

How to Perform Active Directory Offline Defragmentation?

First, you need to stop the Active Directory Domain Service. You can defrag / compact the ntds.dit database file when AD is not running. It’s not necessary to reboot into Directory Services Restore Mode.

After the services have been stopped, open a Command Prompt on the server, and enter the following commands:
NTDSUTIL Activate Instance NTDS Files Info

At this point, you should see a summary of the files that are used by the Active directory database. To begin the defragmentation process, enter the following command:
Compact to e:\windows\ntds\temp
The command shown above assumes that you have created a folder named Temp beneath the e:\windows\ntds\temp folder.

When the process completes, you need to do what it says and copy the defragged database from e:\windows\ntds\temp\ntds.dit to e:\windows\ntds\ntds.dit.

Finally, restart the Active Directory Domain Services (the dependency services will restart automatically). You now have a smaller and better performing Active Directory.

Comments Off on How to Perform Active Directory Offline Defragmentation »

Posted in Active Directory Password, Tips & Tricks

Tags: Active Directory Active Directory defragmentation Active Directory offline defragmentation offline defragmentation

How to Backup Windows Server 2008 Active Directory

October 19th, 2012 by Admin

Backing up Active Directory is essential to maintain an Active Directory database. A system state backup is particularly important for disaster recovery purpose in case of a accidental corruption or deletion of Active Directory objects. Since Windows Server 2008, you won’t find the well-known ntbackup.exe, the native backup tool in previous Windows versions. Instead, you use Windows Server Backup, the new native backup solution, which is available as an installation option in all versions of Server 2008.

In this tutorial we’re going to demonstrate the steps of backing up Windows Server 2008 Active Directory. To get started, you need to install Windows Server Backup from the Server Manager, so you can then use it to perform a system state backup.

Part 1: Install Windows Server Backup

Go to Start menu, and then select Administrative Tools, click on Server Manger.
Under Server Manager window, click on the Add Features link from the features summary section.
Select the Windows Server Backup Features, and then click on Next. The Command-line Tools allows you to perform a DC backup and recovery from the command line.
Click on Install to complete the installation.

Part 2: Backup Windows Server 2008 Active Directory

Now that we have Windows Server Backup installed lets perform our first backup of Active Directory in Windows Server 2008.

Go to Start menu, and then select Administrative Tools, click on Windows Server Backup.
Select the Backup Once option to perform an immediate backup as illustrated in the screen below.
It will bring up the Backup Once Wizard, select Different Options and then click Next.
If you want to perform a full backup of your server, click on the Full server option. Now we’re going to perform a system state backup, so we choose the Custom option.
In the next window, you can customize the items you want to backup.
Click on Add Items button, check the System state option from the list. You can also choose to backup the entire NTFS volume on your computer.
Specify the destination type for your backup. A system-state backup can’t be performed directly to a network share so we have to choose the Local drives.
Next select a volume to store the backup. Windows Server Backup requires you to provide a separate target volume for the backup data. In single-volume server, you may need to shrink the existing partition to create a volume dedicated solely to backup data.
In the next window, confirm the options you have selected and then click on Backup.

If you want to script the backup process, or if you are backing up a server on a Server Core installation, you can use the WBADMIN.EXE command-line program. WBADMIN provides a complete set of options that perform essentially the same functions as the MMC snap-in, including performing a system state backup.

Comments Off on How to Backup Windows Server 2008 Active Directory »

Posted in Active Directory Password, Tips & Tricks

Tags: backup Active Directory windows server 2008 Windows Server Backup

Bulk Change User Passwords and Account Attributes in Active Directory

October 17th, 2012 by Admin

I’ve been tasked with resetting the passwords on all users (about 2000 users) in an OU in Active Directory. I was given the proper permissions. Is there any way to reset all the passwords to one single password at one time?

There may be times when you need to bulk reset user passwords in a domain or OU, or change account attributes across user groups, such as force all users in Active Directory to change their password at next login. This is the most common problem that many consultants or network/system administrators face. How can you perform these tasks in a short time?

Password Control is a time-saver freeware that makes it easy for helpdesk staff to reset passwords for all Active Directory user accounts. The tool also enables you to unlock/disable/enable user accounts, updates Active Directory user account attributes, performs updates that previously would have been accomplished with scripts.

How to Bulk Change User Passwords and Account Attributes in Active Directory?

Download and install Password Control on your domain controller. You can get the latest version from this link.
Start Password Control. Click on the File menu and select Bulk Password Control.
Under Bulk Password Control dialog, click on the File menu and select Get Users and From OU.
The powerful searching interface allows you to select user accounts based on a variety of options. You can select users from a group or a particular organizational unit.
If you want to reset the passwords of all user account to one single password, un-check the Generate a unique password for each user option, type your desired password.
Click on the Change Password button. The program will change all your Active Directory user account passwords immediately.
You can also click on the Unlock Accounts button to unlock the AD user which are locked out. By click on the Modify Attributes button, you can bulk change various account attributes such as Password never expires, User must change password at next logon, update of phone numbers and additional information, etc.

Overall I was very impressed with the ease of use and functionality of Password Control. I know from experience that writing scripts to bulk change user passwords is quite complex and time consuming. This tool is very useful for system/network administrators to work with Active Directory.

Comments Off on Bulk Change User Passwords and Account Attributes in Active Directory »

Posted in Active Directory Password, Free Software, Tips & Tricks

Tags: Active Directory bulk change user password bulk password control change user account attributes password control

How to Access the Directory Services Restore Mode on a Remote DC

October 15th, 2012 by Admin

When Active Directory (AD) isn’t working, the steps you’d typically follow would be to boot into Directory Services Restore Mode (DSRM) for repairing or recovering Active Directory. To access Directory Services Restore Mode, you typically press F8 prior to the machine booting into Windows, then select the Directory Services Restore Mode option from the menu that appears.

Tips: If you forgot DSRM password or domain admin password, you can reset the forgotten password easily with Reset Windows Password utility.

But sometimes you need to fix a problematic DC in a remote location, but nobody is close enough to troubleshot. Obviously, you can’t boot the domain controller into DSRM as usual. In this tutorial we’ll show you how to access Directory Services Restore Mode on a remote DC.

How to Access Directory Services Restore Mode on a Remote DC?

On your machine, select Run from the Start menu, type Mstsc /console, and click OK.
Type the IP address of the remote domain controller you want to connect to.
Log on to the server using the Active Directory account.
On the DC, right-click My Computer, click Properties, and then click the Advanced tab.
Click Settings for startup and recovery.
Click the Edit button to edit the startup options file.
Modify the default entry to include the /SAFEBOOT:DSREPAIR switch, as shown in the following example:multi(0)disk(0)rdisk(0)partition(2)\WINNT="W2K DC \\ your server name " /fastdetect /SAFEBOOT:DSREPAIR
Save the modified Boot.ini file, and then close Notepad.
Restart the domain controller.
After waiting a few minutes, perform steps 1 and 2 again.
When you reconnect, the server should state that it’s in Directory Services Restore Mode. Log on using the Local Administrator account (not the Active Directory account).

Once you have restarted the server in Directory Services Restore Mode, you are ready to begin the repairing or recovery process.

Comments Off on How to Access the Directory Services Restore Mode on a Remote DC »

Posted in Active Directory Password, Tips & Tricks

Tags: Active Directory Directory Services Restore Mode domain controller