What do you do when you inherit an environment after the previous admin left the company without leaving the domain admin password? How do you reset the Windows domain administrator password? Is there an easy way to do it? Those were the questions I tried to resolve quickly, and I thought most of you might be interested as well. It all depends on the environment you're working with, and also on the BIOS or EFI configuration of the domain controller.
Whether your DC is a virtual machine or a physical server, you'll need physical access to the server or access to the underlying virtualization management platform (ESXi, Hyper-V, Xen…) via some management console. In VMware you'll use the vSphere client. You'll need a 2012R2 ISO, which gets attached to the VM during boot, or a DVD if you're running on a physical system.
Reset Windows Domain Administrator Password – The steps
The target is the Windows/system32 folder, so depending on how the boot disk is organized into partitions, the drive letter might differ. Let's assume that the drive letter is D:
01. Attach a W2012R2 ISO to the VM > Boot on the ISO > Click Next when Windows Setup loads and hit Shift + F10.
This opens a command prompt. Change directory and place yourself in windows/system32. There we'll need to do some “hacking”….
move utilman.exe utilman.exe.old
(renames utilman.exe to utilman.exe.old, keeping it in the same directory)
copy cmd.exe utilman.exe
(puts a copy of cmd.exe in place of utilman.exe; copy rather than move, so cmd.exe itself stays in system32)
02. Now reboot the VM and hit the icon as on this screenshot… This brings up a command prompt!
03. Change the domain administrator's password with this command
net user administrator password1234
04. Clean-up > Reboot the host with the ISO attached once more > Shift + F10 > command prompt…
Now reverse the steps:
move /y utilman.exe.old utilman.exe
The /y switch overwrites the file without prompting…
All done. Disconnect the ISO and reboot the VM. You can now log in with the new password.
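A check to run on the DC after step 04, to confirm the clean-up really put the original utilman.exe back and left nothing behind. This is an added example, not part of the original post; the function name Test-UtilmanRestored and its parameter are hypothetical.

```powershell
# Added example: verify the step 04 clean-up. Names are hypothetical.
function Test-UtilmanRestored {
    param(
        # System32 of the installation to check (defaults to the running system;
        # pass another path to check a mounted offline disk)
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'utilman.exe.old'
    $findings = @()

    # cmd.exe must still exist; it disappears if it was moved instead of copied
    if (-not (Test-Path -LiteralPath $cmd)) {
        $findings += 'cmd.exe is missing from System32'
    }

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'utilman.exe is missing'
    }
    elseif (Test-Path -LiteralPath $cmd) {
        # The swap from step 01 leaves utilman.exe byte-identical to the local cmd.exe.
        # This comparison does not catch a cmd.exe taken from a different Windows build.
        $u = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $c = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($u -eq $c) { $findings += 'utilman.exe is byte-identical to cmd.exe' }
    }

    # A leftover backup means the restore in step 04 was not run (or failed)
    if (Test-Path -LiteralPath $backup) {
        $findings += 'utilman.exe.old is still present'
    }

    [pscustomobject]@{
        System32 = $System32
        Restored = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-UtilmanRestored
```

If Restored is False, the logon screen still offers an unauthenticated command prompt, so repeat step 04 before putting the DC back into service.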
Note: I had trouble showing the local disk with the partitions. In fact the virtual machine DC was configured to use EFI (not BIOS) firmware. To test this how-to I created a secondary DC with BIOS as boot firmware. The test worked, but how to find out about the partitioning of EFI firmware which causes the problem?
I took a screenshot showing the difference between VMs configured with BIOS or EFI firmware boot options. The option can be found in VM > properties > Options > Boot Options.
Well, obviously, when you want to change from EFI to BIOS firmware just like that, the VM won't boot… It's certainly the boot sector pointing to the wrong partition, but why are there no local disks showing in the WinPE environment?
So I'll have to look for a solution to that, as I'm really curious about how to solve it. This scenario can happen: you can encounter a VM or physical system configured to boot with EFI, and then the solution described here just doesn't work. If you have a solution, leave a comment so I can update the post. Share with others… -:)
tWiZzLeR says
Vlad – You discussed this process on a domain controller to reset the Domain\Administrator password but I’m assuming that it would also work on non-DCs as well? Also, does this trick work with any version of Windows so long as you boot from the Win2012R2 ISO?
Vladan SEGET says
Yes, it works for standalone servers as well. Haven’t tested with W8.x or W7.x but I’d expect this to be pretty much the same. Plus, the endpoints can be reset with bootable Linux CDs that are freely available too. The problem with domain controllers is that a DC does not have a local SAM database, only the Domain database. Only a few tools are available, and often paid only.
Peter says
Hi Vladan! Give a try with the commercial software – PCUnlocker Enterprise. It’s a Windows password removal bootdisk based on WinPE5.0 which supports UEFI booting. It can recognize my virtual hard drive correctly. I hope it will also work for you.
Vladan SEGET says
Thanks for the info, but my intention was NOT to spend money on such a tool and perhaps my readers too… -:). I know that there is paid software which can do that.