Tech Line
Lost Domain Admin Password Panic
Here's what to do when your Windows 2003 domain password has been lost.
Chris: I'm in a jam. I took over a contract with a new
office and cannot log in to their domain controller. I contacted the previous
contractor and the password he gave me doesn't work. I can boot into Directory
Services Restore Mode, but cannot log in to the domain. Is there anything
that I can do to reset the domain administrator password?
--Kyle
Good question, Kyle. You do have a few choices here. Since you can get
to Directory Services Restore Mode, resetting the domain administrator
password can be accomplished in a few minutes. If you need to reset the
Directory Services Restore Mode Password, you can do this using the Offline
NT Password & Registry Editor Bootdisk/CD. The Offline NT Password
& Registry Editor is a nice tool for resetting local account passwords,
and since it's free, it works for my budget.
On a domain controller, you can access Directory Services Restore Mode
by pressing F5 when the system starts to boot and then selecting Directory
Services Restore Mode from the Windows Advanced Options Menu.
Once you're logged in to Directory Services Restore Mode, you're ready
to set up the password reset. My preferred method is to use the Windows
Resource Kit tool AutoExNT. AutoExNT allows you to configure a batch script
to run when the system starts, so it's an easy way to use a script to
change the domain administrator password. To use this method to reset
the domain administrator password, you'll first need to download the Windows
Server 2003 Resource Kit Tools. You can install the tools on any Windows
XP or Windows 2003 system. Once the tools are installed, navigate to the
Resource Kit Tools installation folder (default location = C:\Program
Files\Windows Resource Kits\Tools). From the Tools folder, you'll need
these three files: Autoexnt.exe, Servmess.dll, and Instexnt.exe. All three
files should be copied to the %systemroot%\system32 folder (default =
C:\Windows\system32) on the domain controller.
With these files in place you now need to create a batch file to be used
by the service. To do this, run the command:
notepad %systemroot%\system32\Autoexnt.bat
When prompted to create the file, click Yes. Now in Notepad, enter:
net user administrator P@ssw0rd /domain
In my example, I set the password to P@ssw0rd. Of course, you can set
this to whatever you like. Once you have this line in the batch file,
save the file and close Notepad.
You're now ready to install the AutoExNT service. To do this, go to the
command prompt and run the command instexnt install.
When the command completes, you should see the message "CreateService
AutoExNT SUCCESS with InterActive Flag turned OFF." By default, the
service will be set to Automatic, so you're ready to go.
Now you can just reboot the domain controller. When it reboots, the password
will be set to the password that you specified in the batch file. Log
in as administrator with the new password and you're all set. Of course,
you're not going to want the AutoExNT service to run anymore at bootup,
so you'll need to uninstall the service. To do this, go to the command
prompt and run the command instexnt remove. You
should now see the message "DeleteService SUCCESS" and you're
all done.
With this tool in your bag of tricks, try not to give away how easy the
password reset really is. I prefer to build the drama like any good episode
of House. "I can't
promise anything, but I'll do the best I can to save her. I need to be
alone for this, so please wait outside." After resetting the password,
you triumphantly leave the server room to the applause of your peers.
Oh wait. I never actually did that. It was only one of my pathetic dreams.
I know...pretty sad!
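A cleanup check for the AutoExNT procedure above, added here as an example and not part of the original column or the Resource Kit. It assumes the files were placed in %systemroot%\system32 as the column describes, and it goes one step further than the column by also deleting Autoexnt.bat (which still holds the new password in clear text) and the three copied files.

```bat
@echo off
rem Added example: cleanup check after the AutoExNT password reset.
rem Assumption: the files were copied to %systemroot%\system32 as in the column.
rem Run from a command prompt on the domain controller after logging in.
setlocal
set "SYS32=%systemroot%\system32"
set ISSUES=0

rem 1. The service must not stay registered. While it is, Autoexnt.bat runs at
rem    every startup and sets the password back to the value in the file.
sc query AutoExNT >nul 2>&1
if not errorlevel 1 (
    echo [!] AutoExNT service is still installed, removing it
    if exist "%SYS32%\Instexnt.exe" (
        "%SYS32%\Instexnt.exe" remove
    ) else (
        sc delete AutoExNT
    )
    set /a ISSUES+=1
) else (
    echo [ok] AutoExNT service is not installed
)

rem 2. Autoexnt.bat holds the new administrator password in clear text.
if exist "%SYS32%\Autoexnt.bat" (
    echo [!] Autoexnt.bat is still present, deleting it
    del /f /q "%SYS32%\Autoexnt.bat"
    set /a ISSUES+=1
) else (
    echo [ok] Autoexnt.bat is gone
)

rem 3. Remove the three Resource Kit files that were copied for the reset.
for %%F in (Autoexnt.exe Servmess.dll Instexnt.exe) do (
    if exist "%SYS32%\%%F" (
        echo [!] Removing leftover %%F
        del /f /q "%SYS32%\%%F"
        set /a ISSUES+=1
    )
)

rem Exit code is the number of leftovers found, so 0 means a clean system.
echo Leftover items found and cleaned: %ISSUES%
endlocal & exit /b %ISSUES%
```

Running it a second time should report zero leftover items and exit with code 0.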