Archive for the ‘Active Directory Password’ category

How to Change Active Directory Password Policy in Windows Server 2008

September 24th, 2012 by Admin

When setting up a new Windows Server 2008 server with Active Directory you will discover that you are not allowed to edit the default domain policy. You can use complex passwords to meet the default password policy, but sometimes you may need to continue using simple passwords, edit or disable the strong password policy, what should you do next?

Here is the step-by-step guide to change Active Directory password policy in Windows Server 2008. You need to log on domain controller using administrative account so you have sufficient privileges to make the change.

How to Change Active Directory Password Policy in Windows Server 2008?

  1. Click Start, click Administrative Tools, and then click Group Policy Management.

  2. Under Group Policy Management window, go to Forest > Domains > {your domain} > Default Domain Policy, click on the Settings tab you can see the default password policy applied to your domain user accounts.

    Unfortunately, there is no option for you to edit or change the default domain policy. The only way to change your password policy is to create a new domain policy to overwrite the default domain policy.

  3. To create a new domain policy, please click on your domain name in the left panel, then select Create a GPO in this domain, and Link it here….

  4. Now right-click on the domain policy you’ve created and then click Edit.

  5. In the appearing window, go to Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
  6. You can double-click on the Password must meet complexity requirements in the right pane to disable the setting, or double-click on Minimum password length to change the password requirement, and so on.
  7. After you complete the editing of your domain policy, right-click on your new domain policy and tick the Enforced and Link Enabled to make your changes to take effect.

How to Reset A User Password in Active Directory

September 24th, 2012 by Admin

Active Directory allows network administrators to centrally manage the user accounts, and other resources on a network. Users can use a single username and password to log in to any computer on the Active Directory domain. If you forget your password, you can reset it from the Active Directory Users management console. You must be an Active Directory administrator with the proper permissions to reset a user’s password. This guide provides a step-by-step set of instructions on how to reset a user password in Active Directory.

Note: If you have forgotten domain administrator password and can’t log in to the domain controller any more, you need to use the Reset Windows Password utility to reset your forgotten domain admin password.

How to Reset A User Password in Active Directory?

Before resetting Active Directory user password, you need to log on domain controller with administrator rights, then follow these steps:

  1. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
  2. Navigate to the Users item of your Active Directory domain in the left pane.
  3. Right-click the domain user account you want to reset the password for in the right pane, and select Reset Password.

  4. Type a new password into the Password and Confirm Password boxes.
  5. Click OK. Done!

How to Disable Password Expiration in Windows Server 2008 Domain Controller

September 18th, 2012 by Admin

Having built a lot of Virtual Development Environments with Windows server 2008 and CRM, one thing that I always have to look up is how to disable the annoying password expiration settings so that the password doesn’t have to be reset every 42 days.

Setting this is not so straight forward, so below are the instructions on how to do this successfully on a Windows Server 2008 that is setup as a domain controller.

Note: If you forgot domain admin password or you are locked out of domain controller, you can use Reset Windows Password utility to unlock your domain password easily.

How to Disable Password Expiration in Windows Server 2008 Domain Controller?

  1. Start –> All Programs –> Group Policy Management.
  2. Expand Forest –> Domains –> (your domain).
  3. Right click on Default Domain Policy and Select “edit…”.

  4. Expand Policies –> Windows Settings –> Security Settings –> Account Policies.
  5. Inside Password Policy you will find all the relevant password settings.

  6. Setting Maximum password age to 0 will disable password expiration notification.
  7. Exit out and in the command prompt run “gpupdate.exe”

Now you should be good to go 🙂

How to Reset Domain User Password

August 27th, 2012 by Admin

Forgot domain user password? You will be suggested to use Ophcrack or Offline NT Password & Registry Editor to reset your forgotten domain user password on various forums. But actually these tools don’t work for your situation. Ophcrack and Offline NT Password & Registry Editor are designed to recover / reset the local administrator/users passwords stored in Windows SAM (Security Accounts Manager) file, and they couldn’t be used to reset domain user passwords. Actually, domain user passwords are encoded using a much stronger encryption algorithm and they are stored in a new location: ntds.dit, which is the Active Directory database file.

There are few tools and tricks available on the internet which can be used to deal with forgotten domain user password. So here I’m going to show you an easy way to reset domain user password on Windows Server 2008, 2003 and 2000 domain controller.

How to Reset Domain User Password?

  1. First you need to download Password Recovery Bundle program on another computer. After installing and running the program, click the Windows Password button, which allows you to create a domain password reset disk in 3 steps. Insert a blank CD/DVD or USB drive into the computer and click Start Burn to create such a disk.
  2. Insert the domain password reset disk you’ve created into the computer with a forgotten domain user password. Turn on the computer and hold down F2 or whatever the setup key is shown as during the initial boot screen. This should bring up the BIOS.
  3. In the BIOS look for the Boot Device Priority option, set CD/DVD as the 1st boot device if you want to boot from CD. You can either set Removable Device as the 1st boot device if you want to boot off USB drive. Save your changes.
  4. Restart the computer and now it will boot from the domain password reset disk. After one or two minutes the disk will launch the Reset Windows Password utility.
  5. Choose the Reset Active Directory Password option, it will display a list of domain user accounts inside the ntds.dit file.
  6. Choose a domain user account and then click Reset Password button. The program will change your domain user password to Password123 by default.
  7. Now remove the domain password reset disk and restart the computer, you can then quickly log on to your domain controller with the new password.

This method works even if you forgot the domain administrator password or your domain user account is locked out or disable. Easily regain access to your server without reinstalling.

How to Change Windows Domain Password if You Forgot it

August 1st, 2012 by Admin

I just lost my domain administrator password so can anyone please do tell me how to change it so that I can log onto domain controller or add any further machines into domain via that account. I would be waiting anxiously for all your suggestions.

In Windows 2008/2003/2000, if the server is a domain controller, you must set a strong password to meet the password policy requirements when you create a new account. By default, domain password requires at least 7 characters and at least 1 numeric character or at least 1 special character (*&^%$#@, etc.). You may also be forced to change the password on a regular basis. So there is a big chance that you would forgot the password. What to do if you forgot Windows domain password and can’t log in with any other account?

In this tutorial we’ll show you how to change Windows domain password if you forgot it. Follow the steps below you can change your forgotten domain password on Windows Server 2008/2003/2000 in minutes.

How to Change Windows Domain Password:

  1. Download Password Recovery Bundle and save it on any accessible computer. Install and launch Password Recovery Bundle, then click Windows Password button, the pop-up dialog enables you to create a password reset CD.
  2. To make your locked computer boot off the password reset disk, head over to the computer’s BIOS and make some changes: Set CD-ROM as the 1st boot device.
  3. Insert the password reset disk you’ve created into your locked computer. Restart the computer. You’ll notice the boot screen is not the same as usual because it is loading from the password reset disk now.
  4. It takes a while to load some necessary files and launch the Reset Windows Password utility. Here we’re going to change Windows Domain password, so we choose the Reset Active Directory Password option. It will display a list of domain user accounts on your domain controller.
  5. Choose a domain account whose password you forgot, then click Reset Password button. The program will change its password to Password123 by default.
  6. Remove the password reset disk and restart the computer.

Now you’ve successfully changed Windows domain password on your domain controller. You can then log on the computer with your new password.

Reset Domain Controller Password on Windows Server 2008/2003/2000

July 4th, 2012 by Admin

My company has a remote location with a rogue domain controller in which no one has the password for. This was set up by my predecessor who was fired and never told anyone the password.  I want to migrate this location to our national domain, and it is currently in production at as a file server and print server also. My question is how can I safely reset the password on this server?

There are many password reset tools out there, that will allow you to reset Windows local passwords, but I haven’t come across one before, that will let you reset the password of a domain admin account on a domain controller. In this tutorial I will walk you through how to reset the domain administrator password on Windows Server 2008/2003/2000 domain controller.

Reset Windows Password is the software that can help you instantly regain access to your domain controller by resetting the forgotten domain administrator password. The software comes as an ISO image, which you have to burn to a CD or USB drive. As long as you have physical access to the domain controller, you can easily reset domain controller password on Windows Server 2008/2003/2000.

How to Reset Domain Controller Password:

  1. Download the zip archive of Reset Windows Password utility. Unzip it and burn the ISO image to a blank CD or USB stick.
  2. Insert the CD or USB stick into your locked computer and let your computer boot from it.
  3. After a while the bootdisk will launch the Reset Windows Password utility, which shows all user accounts available for your Windows installation. By default the Reset Local Admin/User Password option will be selected, the program will display a list of Windows local user accounts. The Reset Active Directory Password option is intended for resetting domain administrator password on domain controller. So we choose the Reset Active Directory Password option.
  4. The program will display a list of domain user accounts on your domain controller.
  5. Choose the user account whose password you forgot, then click Reset Password button. The domain user password will be changed to Password123 by default.

The last step is to remove the CD or USB stick, then restart the domain controller. You’ll be able to log into your domain user account with the new password. After logging into domain controller you can set a new password for the administrator account.

How to Reset Windows Server 2003 Password on Local and Domain Account

June 24th, 2012 by Admin

Forgot the administrator password on Windows Server 2003 and none of the users have administrative rights? How do you go about resetting the administrator login on Windows Server 2003 while you keep getting the password is incorrect? It is either that the password you have entered is incorrect or the administrator account is locked out or disabled.

With Password Recovery Bundle you can solve all of these problems above.  The software can help you reset lost or forgotten passwords to any local admin and domain admin account on Windows Server 2003, unlock any Windows account which is locked out, disabled or expired. This article mainly explains how to create a password reset disk (CD, DVD or USB stick) with Password Recovery Bundle, then use it to reset Windows Server 2003 password on local and domain account. Follow these steps:

Step 1: Create a Password Reset Disk

Download Password Recovery Bundle and save it on another computer you have admin access to. Install and launch Password Recovery Bundle, then click Windows Password button,  the pop-up dialog enables you to create a password reset disk  (CD, DVD or USB stick) .

Step 2: Set Your PC to Boot from Password Reset Disk

To make your locked computer boot off the password reset disk,  head over to the computer’s BIOS and make some changes: Set CD-ROM as the 1st boot device if you need to boot the computer from CD/DVD; or set Removable Device as the 1st boot device if you want to boot from USB stick.

Step 3: Reset Windows Server 2003 Password

  1. Insert the password reset disk you’ve created into your locked computer. Restart the computer. You’ll notice the boot screen is not the same as usual because it is loading from the password reset disk now.
  2. It takes a while to load some necessary files and launch the Reset Windows Password utility. On the main screen of Reset Windows Password utility, you can see the Windows SAM database file and a list of Windows local accounts on Windows Server 2003.

    There are two recovery options: Reset Local Admin/User Password and Reset Active Directory Password. If you forgot local user account passwords or Directory Services Restore Mode password, please choose the Reset Local Admin/User Password option; Or choose the Reset Active Directory Password option if you want to reset domain administrator password on Windows 2003 domain controller.

    Here we’re going to reset Windows local administrator password, so we choose the first option.

  3. Choose a user account whose password you forgot, then click Reset Password button. The program will reset your forgotten password and unlock the user account if necessary.
  4. Remove the password reset disk and restart the computer.

Now you’ve reset the forgotten Windows Server 2003 password. You can then successfully log on and regain full control over your computer.  With this password reset CD, you’ll never be bothered by a forgotten Windows Server 2003 password!

How To Install Active Directory on Windows Server 2008

June 14th, 2012 by Admin

In any small network setup where there are maximum of 15 computers, peer-to-peer network infrastructure is the best solution. However when the number of computers are increased and it becomes practically impossible for the administrators to manage several computers as a peer-to-peer setup, installation of Active Directory Services becomes essential.

In this scenario we are going to install Active Directory fresh with a brand new Domain Controller after a fresh install of Windows Server 2008.

Requirements for Active Directory:

Let’s go through some of the requirements for a fresh install of Active Directory Domain Services. Some of these will be required to be done beforehand, others as noted can be done during the install:

  • Install Windows Server 2008
  • Configure TCP/IP and DNS networking configurations
  • An NTFS partition with enough free space
  • Active Directory requires DNS to be installed in the network. If it is not already installed you can specify DNS server to be installed during the Active Directory Domain Services installation.

Once you verify that these requirements have been met we can get started.

How to Install Active Directory on Windows Server 2008:

Let’s start by installing Active Directory through Server Manager. This is the most straight forward way, as a wizard will guide you through the steps necessary.

1. Start Server Manager.

2. Select Roles in the left pane, then click on Add Roles in the center console.

3. Depending on whether you checked off to skip the Before You Begin page while installing another service, you will now see warning pages telling you to make sure you have strong security, static IP, and latest patches before adding roles to your server.

If you get this page, then just click Next.

4. In the Select Server Roles window we are going to place a check next to Active Directory Domain Services and click Next.

5. The information page on Active Directory Domain Services will give the following warnings, which after reading, you should click Next:

 

6. The Confirm Installation Selections screen will show you some information messages and warn that the server may need to be restarted after installation. Review the information and then click Install.

7. The Installation Results screen will hopefully show Installation Succeeded, and an additional warning about running dcpromo.exe (I think they really want us to run dcpromo). Click Close.

8. After the Installation Wizard closes you will see that Server Manager is showing that Active Directory Domain Services is still not running. This is because we have not run dcpromo yet.

9. Click on the Start button, type dcpromo.exe in the search box and either hit Enter or click on the search result.

10. The Active Directory Domain Services Installation Wizard will now start. There are links to more information if you want to learn a bit more you can follow them or you can go ahead and click Use advanced mode installation and then click Next.

11. The next screen warns about some operating system compatibility with some older clients. Click Next.

12. Next is the Choose Deployment Configuration screen and you can choose to add a domain to an existing forest or create a forest from scratch. Choose Create a new domain in a new forest and click Next.

13. The Name the Forest Root Domain wants you to name the root domain of the forest you are creating.

For the purposes of this test we will create ADExample.com. After typing that go ahead and click Next.

14. The wizard will test to see if that name has been used, after a few seconds you will then be asked for the NetBios name for the domain. In this case I will leave the default in place of ADEXAMPLE, and then click Next.

15. The next screen is the Set Forest Functional Level that allows you to choose the function level of the forest.

Since this is a fresh install and a new forest with no additional prior version domains to worry about I am going to select Windows Server 2008. If you did have other domain controllers at earlier versions or had a need to have Windows 2000 or 2003 domain controllers (because of Exchange for example), then you should select the appropriate function level.

Select Windows Server 2008 and then click Next.

16. Now we come to the Additional Domain Controller Options where you can select to install a DNS server, which is recommended on the first domain controller.

Let’s install the DNS Server by placing a check next to it and clicking Next.

17. You will get a warning window about delegation for this DNS server cannot be created, but since this is the first DNS server you can just click Yes and ignore this warning.

18. Next you can choose to place the files that are necessary for Active Directory, including the Database, Log Files, and SYSVOL.

It is recommended to place the log files and database on a separate volume for performance and recoverability. You can just leave the defaults though and click Next.

19. Now choose a password for Directory Services Restore Mode that is different than the domain password. Type your password and confirm it before hitting Next.

Note: You should use a STRONG password for this and will be warned if it doesn’t meet criteria.

20. Next you will see a summary of all the options you have went through in the wizard.

If you plan on creating more domain controllers with the same settings hit the Export settings … button to save off a text copy of the settings to use in an answer file for a scripted install. After exporting and reviewing settings click on Next.

21. Now the installation will start including the DNS server option if selected. You will notice a box to Reboot on completion that you can check to reboot soon as everything is installed (A reboot is required you can do it manually or use this function to do it automatically).

NOTE: This can be from a few minutes to several hours depending on different factors.

 

When its done you will be notified and required to reboot your PC. That’s all!  Now you have a working installation of Active Directory.