Saturday, September 27, 2014

How to Reset Lost Active Directory Administrator Password

PCUnlocker is a rescue bootdisk that can help you reset forgotten Active Directory administrator password instantly. Unlike John the Ripper and other password cracking tools, PCUnlocker changes the password in no time instead of taking a very long time to recover it. After the password has been changed, we can login to domain administrator account with a new password.

Part 1: Create a PCUnlocker Live CD/USB Drive

PCUnlocker needs to be booted from a CD or USB stick to work. Before resetting Active Directory password, you need to use a spare PC to make a PCUnlocker Live CD/USB drive.
  1. Download and save the PCUnlocker self-extracting ZIP file to your desktop. Once downloaded, extract the ISO file (pcunlocker.iso) from the ZIP file.
  2. Download and install ISO2Disc, a free ISO burning software.
  3. Launch the ISO2Disc program. Click the Browse button to locate the pcunlocker.iso file, then click the Start Burn button to create a bootable CD or USB drive.
    Burn ISO Image to CD/DVD or USB flash drive
    If you're going to use a USB drive to reset password for a UEFI-based computer, make sure you choose the GPT partition style which is required for UEFI boot.
Part 2: Reset Active Directory Administrator Password
  1. Boot your domain controller from your newly created CD or USB drive.
  2. Upon boot, Windows PE will load, the PCUnlocker program will start and locate the Windows SAM registry file and Active Directory database (ntds.dit).
    Reset Windows Password
  3. You will be presented with the following two options:
     
    Reset Local Admin/User Password

    This option allows you to reset Windows local account password that is stored in the SAM registry file. After the local administrator password is reset, you can then log into Safe Mode or Directory Services Restore Mode (DSRM) without entering a password!
     
    Reset Active Directory Password

    Simply select the Active Directory database file (ntds.dit), the program will list the Active Directory user accounts available on your domain controller. Select the administrator account and click Reset Password button, the password will be changed to Password123.
    Note: While resetting the local or domain password, the program will also unlock/enable your selected account in the background if it is locked out or disabled.
  4. Click the Restart button to reboot the computer and remove the CD or USB drive, you can then log into domain controller successfully.
Additionally, PCUnlocker allows you to load any IDE/SCSI/SATA/RAID driver on the fly and mount a VHD/VHDX virtual hard disk, by clicking the Options button.

No comments:

Post a Comment