Part 1: Create a PCUnlocker Live CD/USB Drive
PCUnlocker needs to be booted from a CD or USB stick to work. Before resetting Active Directory password, you need to use a spare PC to make a PCUnlocker Live CD/USB drive.
- Download and save the PCUnlocker self-extracting ZIP file to your desktop. Once downloaded, extract the ISO file (pcunlocker.iso) from the ZIP file.
- Download and install ISO2Disc, a free ISO burning software.
- Launch the ISO2Disc program. Click the Browse button to locate the pcunlocker.iso file, then click the Start Burn button to create a bootable CD or USB drive.
If you're going to use a USB drive to reset password for a UEFI-based computer, make sure you choose the GPT partition style which is required for UEFI boot.
- Boot your domain controller from your newly created CD or USB drive.
- Upon boot, Windows PE will load, the PCUnlocker program
will start and locate the Windows SAM registry file and Active Directory
database (ntds.dit).
- You will be presented with the following two options:
Reset Local Admin/User Password
This option allows you to reset Windows local account password that is stored in the SAM registry file. After the local administrator password is reset, you can then log into Safe Mode or Directory Services Restore Mode (DSRM) without entering a password!
Reset Active Directory Password
Simply select the Active Directory database file (ntds.dit), the program will list the Active Directory user accounts available on your domain controller. Select the administrator account and click Reset Password button, the password will be changed to Password123.
Note: While resetting the local or domain password, the program will also unlock/enable your selected account in the background if it is locked out or disabled.
- Click the Restart button to reboot the computer and remove the CD or USB drive, you can then log into domain controller successfully.