Go Back   Tech Support Forum > Microsoft Support > Windows NT/2000/2003, 2008 and 2012 Server

Change Domain admin password

This is a discussion on Change Domain admin password within the Windows NT/2000/2003, 2008 and 2012 Server forums, part of the Tech Support Forum category. I would like to change my Domain admin password, it was setup long before I took over this position and


Closed Thread
 
Thread Tools Search this Thread
Old 09-15-2010, 06:42 AM   #1
Registered Member
 
Join Date: Sep 2010
Posts: 4
OS: Windows 7



I would like to change my Domain admin password, it was setup long before I took over this position and is a pretty simple password. My concern is everything that uses that login, services ect not working afterwards.
Being the same password for all my servers I don't want to change it and then suddenly be locked out of something or things suddenly stop working. So I need to change it but concerned about this happening.
Here is what I have:
2 Server 2003 file servers
1 server 2000 file server
1 server 2003 mail server ( IBM Domino )
All on a Domain
Active Directory
Multiple folders, printers shared.

Any advice would be great.
Thanks,
Will

__________________
Berwill is offline  
Old 09-15-2010, 08:25 AM   #2
Registered Member
 
Join Date: Nov 2008
Location: England
Posts: 905
OS: Vista,XP, Windows 7, Server 2003, Server 2008 R2 and Linux.



it wont lock anything out, it might just ask to reauthenticate the password for the account thats all. Oh it will lock out anyone who tries to get in with the old password. We change our admin passwords on a regular basis as a security measure.

__________________
Maz_- is offline  
Old 09-15-2010, 02:09 PM   #3
Registered Member
 
Join Date: Sep 2010
Posts: 4
OS: Windows 7



What if it is a service that requires the Domain admin login, how will it reauthenticate?
Yea that is what I would like to do, change it because it has probably never been changed. I am the only I.T. person so I am just a little nervous about changing it and then something that was using it not working. And I just don't have the time or any help if something like that happened to run down the problem.
If there were a problem would putting it back to the old password fix it?
Will
__________________
Berwill is offline  
Old 09-16-2010, 03:16 AM   #4
Registered Member
 
Join Date: Nov 2008
Location: England
Posts: 905
OS: Vista,XP, Windows 7, Server 2003, Server 2008 R2 and Linux.



Well a service wouldnt automatically use the domain username and password. It would require the user to login using the credentials (thats my understanding). So if you did change the password it shouldnt knock any of the network service down but it will only ask the user logged in with the domain account to re-authenticate themselves with the new password as security reason.

Once you change the password to a new one it will ask for reauthentication but if you change it back to old one again, it will still ask for the password to reauthorise. Hope this helps.
__________________
Maz_- is offline  
Old 09-16-2010, 05:07 AM   #5
Registered Member
 
Join Date: Feb 2010
Location: US
Posts: 326
OS: win 03, xp pro



Quote:
Originally Posted by Berwill View Post
I would like to change my Domain admin password, it was setup long before I took over this position and is a pretty simple password. My concern is everything that uses that login, services ect not working afterwards.
Being the same password for all my servers I don't want to change it and then suddenly be locked out of something or things suddenly stop working. So I need to change it but concerned about this happening.
Here is what I have:
2 Server 2003 file servers
1 server 2000 file server
1 server 2003 mail server ( IBM Domino )
All on a Domain
Active Directory
Multiple folders, printers shared.

Any advice would be great.
Thanks,
Will
If there are all in the same domain you will have no problem. Each time you login from somewhere it connects with AD to check and make sure it is a vaild PW. So look in either the PC Computer listing in AD or your DNS management app. If the server or PC is listed in there you will have no problem.

One thing that could be a problem is the printers. "We could not know because we dont know how your system is setup".
If the printer is setup in Explorer to access the printer settings that could have been set when the printer was installed. So that could just stay the same. If it does not work just use the old PW and will be fine. When I installed new printers and access the printer app from an explorer window I was asked to set the PW at that time. I did make it the same as my Domain admin PW but I could have made it anything I wanted, so it could be diff.

Basically anywhere you have an option to change the PW will stay the same. But on all the servers and PCs listed in AD will change along with everything else. If the app or PC "only if you login locally" has an option somewhere within to change the PW you would need to do it that way for that APP or local PC.
__________________
joeny0706 is offline  
Old 09-16-2010, 06:22 AM   #6
Moderator - Microsoft Support Team
 
Join Date: Jun 2010
Location: Saskatchewan, Canada
Posts: 2,348
OS: XP SP3, Windows 7 SP1



One of the advantages of a domain is that it centralizes security. You only need to change your password in one place and the change will be in effect everywhere. Your access to domain resources is based on your account. The password is only used to verify that a user logging on is who he claims to be.

I see only two problems with changing a password:

1. Services that use your account. Since most services use a system account there should be few instances of this.
2. Scheduled tasks. You would need to update your password for these.

In any event changing your password is a necessary security precaution. The consequences of your login name and password falling into the wrong hands can be dire.
__________________
LMiller7 is offline  
Old 09-17-2010, 12:09 PM   #7
Registered Member
 
Join Date: Sep 2010
Posts: 4
OS: Windows 7



Joeny0706
When you say the PC computer listing in AD are you referring to the computer folder under the root?
Like I have berwin.com
Domain Controllers beneath it that contain my 2 DCs
Bercomputers folder - Miramar folder has my other 3 servers

I am not sure what you mean, is the printer setup in Explorer. All printers are install on the File/Print server and to install a printer on a desktop I just UNC to the server and double click the printer to install it.

LMiller7
Services was one of my concerns, how can I verify none would be affected?
Same with Scheduled tasks, how can I verify that?
Yes and since I don't beleive it has ever been change that is why I want to.

I thought I should be a little more specific on my network:
2 Server 2003 file servers ( Both are AD, file, and print servers ) 1 per physical location
1 server 2000 file server
1 server 2003 mail server ( IBM Domino )
All on a Domain
Active Directory
Multiple folders, printers shared.

Thanks for everyone's help. It doesn't sound like I will have a problem, I just want to be as sure as possible before taking the plung...
__________________
Berwill is offline  
Old 09-17-2010, 02:13 PM   #8
Management Team Networking
 
Join Date: Sep 2010
Location: Oregon
Posts: 15,034
OS: Vista/Win7



how can I verify none would be affected?
You would review each service under services for what logon account they are using. Same procedure for scheduled tasks.

Note: you should not be using the Administrator account. One of the security recommendations is to take way rights from the administrator account to leave it as bait if you are hacked. You should have other administrator equal accounts in case an admin account gets corrupted.
__________________
Wand3r3r is offline  
Old 09-17-2010, 03:20 PM   #9
Registered Member
 
Join Date: Sep 2010
Posts: 4
OS: Windows 7



Wand3r3r,
I see what your saying. Go to Services, open one, go to the Log On tab.
Mine say Log on as:
Local system account

Or:
This account - NT Authority\Localservice ( And a password )
NT Authority\Networkservice
.\Administrator
berwin(Domain name)\Administrator

Scheduled tasks you are referring to:
Programs - Accessories - System Tools?
There is nothing in mine.

Your right I do need to use a different one.
Thanks,
Will

__________________
Berwill is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 06:33 PM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts