Saturday, March 21, 2015

Reset domain administrator password in directory services restore mode

Ran into this when I booted my lab DC, which I hadn't used often. It wouldn't take my domain administrator password! I remembered this was a brand new DC and I hadn't created any other domain admin passwords - and I just didn't want to spend the time rebuilding it.

Luckily, after rebooting the VM, pressing F8, and going into Directory Services Restore Mode  (DSRM), my pw did work there (do remember that it boots into a login screen where you now can use a local administrator, so change the user to .\administrator ). The only problem is I didn't know what to do next - how to reset the domain\administrator pw.

It took me a while to find it in Google, but here it is. Marc Weisel did an excellent post.

Head over there and read it all - but if you want the summary, here it is:

You basically create a service that will reset the pw on the next boot. The pw has to comply with your domain policy, and you must also change the user if you know you renamed it.

The commands are:

1) Create a service to reset the pw on next boot
2) reboot
3) delete the service

sc create ResetPW binPath= "%ComSpec% /k net user administrator PA$$w0rd94" start= auto
sc delete ResetPW