Password reset of your domain administrator account


Password reset of your domain administrator account

Recovering or resetting a password can be a tedious job requiring purchase of dodgy tools that promise you everything but you’ll ┬ánever know if they do until you bought them. This blog will show how I reset my Windows 2012 domain administrator password in under 2 minutes without any tools, just by using Microsoft tooling that you have at hand. It’s pretty amazing if you think that with access to a server you can reset any password within 2 minutes. Of course we are using recovery tools that are available by default but still with many administrators having access to servers in a datacenter this could be an issue. But that is for the architects to worry about, I for now will show you how this works, changing the domain admin password in 2 minutes.

Damn I forgot the password of my domain administrator account

We’ve all been there, Damn I forgot my password.

Two weeks ago my lab environment forced me to change my password, I’m sure I thought well about it and chose something that was logical to me. Just after that time the flu caught up with me and I was out for about a week. Coming back to work I started my lab, with much confidence I entered my password, then the other one, and one more combination…. sweat appearing on my forehead, no not at this moment!!!!
password
Stuck at this point I was getting frustrated with my lack to document anything related to my own lab environment. Where I document everything at customers I never document anything at home… I will start right now.
For now I had to find a solution to get my password back and the only solution was to use Windows tooling for I will not pay for any other tools.
So I connected the ISO file with the Windows 2012 source files to the virtual machine.
password
I shutdown the virtual machine and powered it on choosing power to BIOS.
password
After powering on the BIOS appears, make sure the CD drive is set as first boot device.
password
Then again shutdown the server and start it again (make sure the ISO is connected).
Press any key to start from the CD and wait for the Windows 2012 installation to start.
You will see the steps you have seen also when you installed the server the first time, perhaps there is any easier way to do this, but this worked for me.
password
I clicked next leaving everything default for I’m not going to install any server now.
The next screen show you the option to install the server, DO NOT CLICK THAT!
password

At the left bottom of the screen is the option to repair the server, below is a very large picture of that. Click on “Repair your computer”.

password

You will now be taken to the Repair section of Windows.
Some options there but troubleshoot is the most logical to choose, so click troubleshoot.

password

We’ve now come to the Advanced options section where you have to options, system image recovery and a command prompt. Hey that was what I was looking for, click it.

password

 

The command prompt opens… with X:Sources.
Your Windows installation is now secondary so you will have to change to D:WindowsSystem32 to get to the system files.
password
When you are in D:WindowsSystem32 you have to executer the following commands.
Copy UTILMAN.EXE UTILMAN.EXE.BAK
Move CMD.EXE UTILMAN.EXE
Press Y when asked to replace the file.
Now you can start the server normally and wait for the logon screen.
password
After you see the welcome screen, you hit the Windows key and press “U”
password
The command box pops-up.
In that command box you can enter the following command to reset the administrator password, or any.
NET USER Administrator “new password”

You’ve just changed the Administrator password and since this is a domain controller the domain admin password is changed. It’s recovered.Of course at this point you have some files that are renamed or changed. You need to change them back. So start the server from a installation media again and follow the steps into the repair until you have a CMD screen open. Navigate to D:Windowssystem32.

Now run the command

Copy UTILMAN.EXE CMD.EXE
REN UTILMAN.EXE.BAK UTILMAN.EXE

Accept the changes and you’re done…

Good luck recovering you passwords..

2 Responses

  1. Thomas says:

    Very nice solution.
    I have also seen an other ingenious usage of UTILMAN.EXE in a projet, where it was replaced with an IT Support Tool, with helpful commands or information (but no CMD.EXE as it would be too unsafe as you shown!).

  1. September 6, 2016

    […] Read the entire article here, Password reset of your domain administrator account […]

Leave a Reply

https://tracking.cirrusinsight.com/869c29e2-3a9b-48c5-9232-0b95e7993ae8/controlup-com-pixel-php