Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video
Icon for WEBINAR ON-DEMAND!

WEBINAR ON-DEMAND!

Blocking Advanced Web Attacks with WAF

Icon for GET-IT Conference coming soon!!

GET-IT Conference coming soon!!

Threat Detection & The Role of Operational Resilie...

Icon for New Whitepaper!

New Whitepaper!

Maximizing Your SaaS Potential

Home

Security

Forgot the Administrator's Password? - Change Domain Admin Password in Windows 2000 AD

Daniel Petri

 |

Jan 8, 2009

Forgot the Administrator’s Password? – Reset Domain Admin Password in Windows 2000 AD
Note: In order to successfully use this trick you must first use one of the password resetting tools available on the Forgot the Administrator’s Password? page.

The reason for that is that you need to have the local administrator’s password in order to perform the following tip, and if you don’t have it, then the only method of resetting it is by using the above tool.
Read more about that on the Forgot the Administrator’s Password? page.
Update: You can also discuss these topics on the dedicated Petri.co.il Forgot Admin Password Forum.
Lamer note: This procedure is NOT designed for Windows XP, nor will it work on Windows Server 2003. For that you should read the Forgot the Administrator’s Password? – Change Domain Admin Password in Windows Server 2003 AD page.
Reader John Simpson added his own personal note regarding the changing of Domain Admin passwords on Windows NT domains and Windows 2000 Active Directory domains (HERE). I will quote parts of it (thanks John!):
As stated above, the very useful “Offline NT Password & Registry Editor boot disk” will only let you reset the password for the MACHINE Administrator account, not the DOMAIN Administrator account. As you probably know, on a Windows 2000 server which is an Active Directory controller, you CANNOT log into any machine-level account. Which means that resetting the MACHINE Administrator password is pretty much useless.
Or so it would seem. It turns out that “Directory Service Recovery Mode” uses the MACHINE-level accounts, since the whole point of this mode is that the AD control databases may be corrupted and you need a way to manually edit them (presumably using some high-priced third-party software package…)
I (John Simpson – DP) was able to reset the password on the DOMAIN Administrator account using the following procedure:

  1. Use the Offline NT Password & Registry Editor disk to reset the MACHINE Administrator password to “no password”.
  2. Reboot, hit F8, and enter “Directory Service Recovery Mode”. The machine will boot up as a standalone server without any Active Directory support.

 

  1. When the login screen appears, hit CTRL-ALT-DEL and log in as “Administrator” with no password. This is the MACHINE Administrator account, and does not have the ability to modify anything specific involving the Active Directory information, although it can backup and restore the physical files which contain the AD databases.
  2. Run “REGEDIT.EXE” (without the quotes). Navigate to

HKEY_USERS\.Default\Control Panel\Desktop

Lamer note: Make sure you write down the default values BEFORE changing them. You could also just PRINT SCREEN your registry editor display. The best option is to just backup the values to a .REG file by selecting the DESKTOP key and then selecting EXPORT from the FILE menu.
After you made sure you know what the default values are, change the following values:
SCRNSAVE.EXE – change from logon.scr to cmd.exe
ScreenSaveTimeout – change from 900 to 15
ScreenSaveActive – change to 1 (if it wasn’t 1 already)

  1. Reboot normally. When the box appears asking you to hit CTRL-ALT-DEL to log in, just wait.

 
After 15-30 seconds you will see a command prompt appear (since that is the screensaver).

  1. In the command prompt, type the following command:

MMC DSA.MSC
Lamer note: There is a space character between the “mmc” and the “dsa.msc”. Also, note that the DSA.MSC file is usually located in the SYSTEM32 subfolder of your WINDOWS or WINNT folder.
More lamer notes: DSA.MSC is actually the executable name for Active Directory Users and Computers, which in turn is the main tool for managing users, groups and computers in Windows 2000 Active Directory.
 
This should bring up the management console where you can edit users’ passwords, including the password for the Administrator account.
 

  1. After resetting the Administrator password, exit the management console and type the command EXIT in the command prompt window.
  2. Hit CTRL-ALT-DEL and log into the DOMAIN Administrator account using the new password!

Don’t forget to undo the changes you made to the registry (see step #4, lamer note), or you will always have a command prompt with Domain Administrator rights appear whenever somebody logs out.
You can also discuss these topics on the dedicated Petri.co.il Forgot Admin Password Forum.

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Security

Microsoft Warns Chinese Volt Typhoon Hacking Group Infects Critical US Infrastructure

May 26, 2023 | Rabia Noureen

Security

Microsoft Entra Introduces New Identity and Access Management Capabilities

May 24, 2023 | Rabia Noureen

Security

New Microsoft 365 Defender Feature Automatically Blocks Adversary-in-the-Middle Campaigns

May 18, 2023 | Rabia Noureen

Security

Microsoft Entra Boosts Security New Tools and Capabilities to Thwart Cyberattacks

May 10, 2023 | Rabia Noureen

Security

Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023 | Russell Smith

Google Adds Support for Passkeys to Protect Google Accounts

May 4, 2023 | Rabia Noureen

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy