Server password
Hello, I have a Windows 2008 R2 (domain controller) box that has been compromised and we can no longer log in. Are there any Microsoft or non-Microsoft ways to recover/reset the password? Thanks
April 26th, 2012 4:59pm

You can restore AD using the restore mode password, or restore the whole box from a backup. This would be the best way: http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

I'm assuming it's a single server in the environment and there is no site replication in the picture. If the box was compromised and you know how it happened, for example a person who was previously trusted changed the user name and password, then restoring AD would be the way to go. However, if the source of the issue is unknown, I would not trust the OS or any applications on it as they could be infected.

- S
April 26th, 2012 5:07pm

Thank you for this. I will attempt to recover next week and post back.
April 26th, 2012 5:13pm

Hello, use your latest AD-aware backup and restore the machine. The official statement from Microsoft is you have to reinstall the server.

Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
April 26th, 2012 5:18pm

Hello, there is still a program which can easily reset a Windows Server 2008 password. It is Windows Password Recovery Enterprise. This tool is designed to reset Windows local administrator and other user account passwords and reset the domain administrator password with ease. No matter how long and how complex your password is, no matter how bad you are at computer or system, you are able to recover your password without any effort with the help of this utility. Here are the steps on how to get back to the Windows 2008 password:

Section I: To burn a Windows Server 2008 password reset disk, you need the assistance of another computer which can log on to Windows.
Step 1: Download Windows Password Recovery Enterprise, double click the .exe file and follow the wizard to install it. And then launch it.
Step 2: On the main interface of this program, choose "Reset Windows local account password". Insert a blank CD into your CD-ROM or connect a USB flash drive to a USB port.
Step 3: Tick "CD/DVD" or "USB Flash Drive" according to the portable device you inserted in the previous step.
Step 4: Click on "Burn" to start burning the Windows 2008 password reset disk.
Step 5: After the progress bar reaches 100% and an indicator pops up, click on "OK". And remove your device from this computer.

Section II: The directions below should be finished on the locked computer.
Step 1: Insert the bootable device into the locked computer, and boot it from CD or USB.
Step 2: You will get the main interface of this program under the Win PE environment. Choose the specific Windows installation.
Step 3: Highlight the account you want to reset the password for and click "Reset".
Step 4: A confirmation box shows, and you need to click "Yes", and then hit "OK" on the next popup.
Step 5: Click "Reboot" to finish the reset.

The steps might work in case of 2008/R2 member servers! As far as I know, password reset tools WON'T work on Domain controllers!!

A UNIVERSE without WINDOWS is CHAOS !
This posting is provided "AS IS" with no warranties or guarantees and confers no rights. About Me !!!
April 26th, 2012 10:50pm

Mind IT,

As suggested above, AD restore would be the first and foremost option. If AD restore doesn't work, then you can try resetting the Domain Admin password using the following steps.

======================
Try at your own risk !!! I read the article below somewhere (not sure about the source at present), however I saved it for reference. Hope that helps. Might work in case of 2008 as well.

Most techs worth half a damn have no doubt heard, and probably even used the Offline NT Password & Registry Editor to reset an unknown password on the various NT flavors of Windows (2000, XP, Vista, etc.). one limitation, though, is that it is useful only on local user accounts, not domain user accounts. so if you run into a situation like i did where you need to reset a lost or forgotten domain admin password on a Microsoft Small Business Server 2003 box, the Offline NT Password Reset tool won't be of any use.

a google search will quickly find several results for reset lost server 2003/2008 domain password, but many of them will direct you to utilities you have to pay for, or will require you to download certain admin tools from microwhore, ahem, micro$oft. however, all you need is a Server 2003 installation DVD, or in my case, the Small Business Server 2003 installation DVD.

1. restart the server and boot to the DVD
2. after selecting the appropriate installation language, select Repair Your Computer
3. start command prompt, and change the command line path to C:\ by entering c:\
4. enter cd c:\windows\system32
5. enter ren utilman.exe *.bak
6. enter copy cmd.exe utilman.exe
7. restart the server. this time do not boot to the DVD, just boot normally
8. at the login screen, press the Windows+U keys on your keyboard. this will bring up the command prompt
9. enter net user [server admin username] [new password]
   o on a regular Server 2003 install, [server admin username] will probably be administrator, but it could be any domain username with domain admin rights. [new password] will be the new password you want to set. if password complexity is enabled (which is the default on Server 2003) you will need to have some UPPER case letters and/or numbers and/or symbols in the password.
   o on SBS 2003, the administrator account is disabled by default. even if you reset the administrator password, you still won't be able to login because the account will still be disabled. instead of administrator, you would use the server admin user name that was used when the server was first setup. if you don't know the user name, you can enter net user to get a list of all domain user accounts. it won't show you what users have what privileges, but it could help jog your memory.
10. now go back to the login screen and log in with the user name and new password you just set. for user name, be sure to use the domain\username format
11. once you have verified that you can log in with the new password, repeat steps 1-4
12. enter ren utilman.bak *.exe
13. restart the server and boot normally

and that's it!
======================

Thanks

A UNIVERSE without WINDOWS is CHAOS !
This posting is provided "AS IS" with no warranties or guarantees and confers no rights. About Me !!!
April 26th, 2012 10:59pm
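
Added example (not part of the thread and not from any poster): a PowerShell check for whether the utilman.exe swap described in the post above is still in place or was left half-reverted. It assumes PowerShell 4.0 or later for Get-FileHash and the default System32 location; the function name Test-UtilmanIntegrity is hypothetical.

```powershell
# Added example: checks for the utilman.exe/cmd.exe swap described in the post above.
# Assumes PowerShell 4.0+ (Get-FileHash); Test-UtilmanIntegrity is a hypothetical name.
function Test-UtilmanIntegrity {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'utilman.bak'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'utilman.exe is missing (rename not reverted?)'
    }
    else {
        # A copy of cmd.exe keeps cmd.exe's content hash.
        $uHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $cHash = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($uHash -eq $cHash) {
            $findings += 'utilman.exe is byte-identical to cmd.exe'
        }

        # The embedded version resource survives a rename, so this also catches a
        # cmd.exe copied from a different patch level (hash differs, metadata does not).
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -match '^cmd\.exe') {
            $findings += "utilman.exe version resource says OriginalFilename '$orig'"
        }
    }

    # 'ren utilman.exe *.bak' leaves utilman.bak behind until the swap is undone.
    if (Test-Path -LiteralPath $backup) {
        $findings += 'utilman.bak is present in System32'
    }

    [pscustomobject]@{
        Path     = $utilman
        Clean    = ($findings.Count -eq 0)
        Findings = $findings
    }
}

$result = Test-UtilmanIntegrity
$result.Findings | ForEach-Object { Write-Warning $_ }
if ($result.Clean) { 'utilman.exe: no sign of the swap' }
```

The -System32 parameter can point at the System32 folder of an offline-mounted volume, which avoids relying on the running OS of a machine that is no longer trusted.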

Thank you for the assistance, this worked. My notes on the process are below. Now I need to figure out what to do about this OS/AD, as it is not trustworthy anymore. I found some unknown user accounts in the Domain Admins group.

At first it did not work for me; resetting the permissions on the Temp folder to inherit from the parent and resetting permissions on all subfolders and files contained within fixed it.

Make 100% sure that you are using a complex password to avoid problems with password policies.

The hacker also reset the DS Restore Mode Password. I used the following FREE tool to reset this as well: http://pogostick.net/~pnh/ntpasswd/

Unplug all USB devices with the exception of a basic wired USB keyboard.
May 2nd, 2012 8:28am

This topic is archived. No further replies will be accepted.
