Here’s a quick and dirty how-to on how to reset a Domain Controller password.

Disclaimer: I assume you own the machine you’re doing this procedure on. I take no responsibility whatsoever to whatever happens to you or your server. Proceed at your own risk.

First, download SRVANY and INSTSRV from here.

  1. Boot with SysRescCD or the ntpasswd live cd, reset the password for the local Administrator.
  2. Boot the machine into Directory Services Restore mode (press F8 at the start)
  3. Log in with Local Administrator, blank password
  4. Create a folder C:\nt and copy INSTSRV, SRVANY, and cmd.exe to it. If this is a Server 2008 machine, you’ll have to right-click the ZIP file and click Unblock before extracting it, otherwise Windows won’t let you do it.
  5. In a command prompt, cd to C:\nt or whatever you called it, and type instsrv PassRecovery “C:\nt\srvany.exe” adjusting the path accordingly.
  6. Start Regedit and open HKLM\System\CurrentControlSet\Services\PassRecovery
  7. Create a new subkey called Parameters and add two new values:
    name: Application
    type: REG_SZ (string)
    value: C:\nt\cmd.exe

    name: AppParameters
    type: REG_SZ (string)
    value: /k net user administrator new_password

  8. Change new_password above with a desired new password, keeping in mind password complexity policies.
  9. Open the Services applet, change PassRecovery to automatic startup.
  10. Click the Log On tab, check “Allow service to interact with desktop”
  11. REBOOT!
  12. You will not see a command prompt before logging in, but you will be able to log in with the new password.
  13. After logging in, use a command prompt with:
    net stop PassRecovery
    sc delete PassRecovery
  14. Delete C:\nt and change the admin password.

And that’s it! Easy enough..

Tags: , , , , , , ,

This entry was posted on Friday, October 3rd, 2008 at 4:17 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a reply

Name (*)
Mail (will not be published) (*)