How to Reset Active Directory Password When You Forgot It

May 31st, 2012 by Admin

Active Directory allows Windows network administrators to centrally manage user accounts and other resources on a network. Users can use a single username and password to log in to any computer on the Active Directory domain. If you forget the domain administrator password and don't have any other administrative account, you'll lose full control over your Active Directory server. Is there any way to reset a lost Active Directory password?

Many people will think of tools such as Offline NT Password & Registry Editor, Ophcrack, Hiren's Boot CD or Ultimate Boot CD. These tools may be a good choice when you have forgotten a Windows local admin or user password, but none of them support Active Directory user passwords. Microsoft keeps the encrypted passwords of Windows local accounts in the SAM database, while it uses much stronger algorithms to secure Active Directory passwords and saves them in the NTDS database. Cracking a lost Windows password is quite difficult, not to mention cracking an Active Directory password. But that doesn't mean we can't get around the problem. We can still reset an Active Directory password quickly and easily.

With Password Recovery Bundle we can reset a lost Active Directory password on Windows Server 2008, 2003 and 2000. It works even if your Active Directory account is locked out or disabled. The password reset procedure can be done in 2 steps:

Step 1: Create an Active Directory Password Reset Disk
First, find another accessible computer on which to download and install Password Recovery Bundle. Launch the program and click the Windows Password button. It allows you to create a password reset disk, which will be used to reset your lost Active Directory password.

Step 2: Reset Active Directory Password
Insert the Active Directory password reset disk into your domain controller. Restart the computer and have it boot from the password reset disk. When the loading procedure is complete, you'll see the Reset Windows Password program. Choose your Active Directory database (ntds.dit), and the program will display a list of Active Directory user accounts. Select the user whose password you have forgotten, then click the Reset Password button. The program will immediately change the Active Directory password to a new one: Password123.

Remove the Active Directory password reset disk and restart your domain controller. You'll be able to log in to your Active Directory user account using the new password. It's that easy!
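
Because the tool sets the reset account to the fixed value Password123, the first action after logging in should be to replace it and confirm the account state. The following is an added example, not part of the original post or of Password Recovery Bundle; it assumes the ActiveDirectory PowerShell module is installed on the domain controller and uses `Administrator` as a placeholder account name.

```powershell
# Added example: rotate the temporary password left by the reset disk.
# Assumptions: the ActiveDirectory module (RSAT AD DS tools) is installed, and
# 'Administrator' is a placeholder for the account reset in Step 2.
Import-Module ActiveDirectory -ErrorAction Stop

$Account = 'Administrator'
$props   = 'PasswordLastSet', 'Enabled', 'LockedOut'

# Record the account state as the reset disk left it.
$before = Get-ADUser -Identity $Account -Properties $props -ErrorAction Stop

# Prompt for the replacement so it never appears in the script or history.
$new = Read-Host -AsSecureString -Prompt "New password for $Account"

# -Reset sets the password without requiring the old one; the domain's
# length and complexity rules still apply, and a weak value raises an error.
Set-ADAccountPassword -Identity $Account -Reset -NewPassword $new -ErrorAction Stop

# Confirm the directory actually recorded a newer password change.
$after   = Get-ADUser -Identity $Account -Properties $props -ErrorAction Stop
$changed = $after.PasswordLastSet -and
           (-not $before.PasswordLastSet -or
            $after.PasswordLastSet -gt $before.PasswordLastSet)
if (-not $changed) {
    throw "PasswordLastSet did not advance for $Account; the temporary password may still be active."
}

# The page notes the tool also works on locked-out or disabled accounts,
# so report the current state rather than assuming it.
[pscustomobject]@{
    Account         = $after.SamAccountName
    Enabled         = $after.Enabled
    LockedOut       = $after.LockedOut
    PasswordLastSet = $after.PasswordLastSet
}
```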