Saturday, August 18, 2012

How to Change or Reset Domain Password in Active Directory

"I can boot into Directory Services Restore Mode, but cannot login to the domain. Is there anything that I can do to reset the domain administrator password?"

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. You can log on to DSRM by using the local administrator password (also known as DSRM password) that you set when you set up Active Directory. But Windows doesn't provide any option for you to reset domain password after booting into DSRM mode. So if you forget your domain password, you've got trouble.

Unlocking your computer won't be easy, but it is possible. Reset Windows Password utility can help you change or reset domain password in Windows Server 2008/2003/2000 Active Directory, if you forgot domain administrator password or you are locked out of your account.

Step 1: Create a Domain Password Reset Disk

Download the Reset Windows Password utility. Once the download completes, right-click the .zip file and select Extract All. This will decompress the zip archive which there should be an ISO image file (ResetWindowsPwd.iso) inside.

Burn the ISO image to a blank CD or USB drive with the ISO2Disc software. It will take about one or two minutes to create a domain password reset disk.

Step 2: Set Boot Device Order in BIOS

Turn on your locked computer and hold down F2 or whatever the setup key is shown as during the initial boot screen. This should bring up the BIOS. In the BIOS look for the Boot Device Priority option, set CD/DVD as the 1st boot device if you want to boot from domain password reset CD. You can either set Removable Device as the 1st boot device if you want to boot off USB drive.

Next press F10 to save your changes and reboot the computer.

Step 3: Change Domain Password

Insert the domain password reset CD/USB into your locked computer. If you set up the BIOS correctly your computer should automatically boot from the domain password reset disk.

After a few minutes it will launch the Reset Windows Password utility. Choose the Reset Active Directory Password mode, it will scan your hard drive for partitions that may have Active Directory installed, and display a list of domain user accounts inside your Active Directory server.

Choose a domain user account whose password you want to change or reset, then click Reset Password button. It will change domain password to Password123 by default.

Now remove the domain password reset disk and restart your computer. You can then login to your domain controller with the new password.

Conclusion

This guide can be very useful if you forgot domain admin password or you are locked out of your account and unable to access all of files and software specifically tied to that account.

No comments:

Post a Comment