How to reset the domain administrator password on Windows Server 2008

This probably should never happen, but there’s always that odd case when the domain administrator password simply disappears. If you did your job right, you would normally dig out your notes with the backup domain administrator details and use those to reset the administrator password. But you don’t always have that luxury. Then you’ll have to find some other way. The scope of this article is to show you that other way.

The basic idea is to boot from the install DVD, open the command prompt, rename the Utilman.exe file and copy Cmd.exe in place of Utilman.exe. When the server restarts, a command prompt can be brought up with full domain administrator permissions, allowing you to change the domain administrator password. For detailed instructions, read on.

Boot the server using the install DVD. Select the language settings of your choice and continue to the following screen by clicking Next.

Select Repair your computer.

Make sure your operating system is listed. If it is not, use the Load Driver button to provide drivers for storage controllers not recognized by the system. When the selected system is correct, click Next to continue.

On the Choose a recovery tool screen, select the Command Prompt option.

When the command prompt opens, navigate to the system drive. Depending on the system and configuration, it could have the letter C: or D: assigned. Change to the Windows folder and then to the System32 folder.

The next step is to rename the Utilman.exe file. This file provides the Ease of Access functionality, reached either through the icon at the bottom left of the screen or with the Win+U key combination. To rename the file, type in the following command:

> move Utilman.exe Utilman.exe.bak

Follow this by copying the Cmd.exe file in place of Utilman.exe:

> copy Cmd.exe Utilman.exe

At this point you can close the command prompt and restart the server. Wait until you are prompted to log in. When the logon screen appears, you can either use the keyboard combination Windows+U or click the Ease of Access icon at the bottom left of the logon screen.

These commands would normally bring up the Ease of Access screen, but since we replaced its EXE with the command prompt EXE, you will be presented with a command prompt instead. And the icing on the cake is that this command prompt has full domain administrator permissions.

From this command prompt you can run any tool you like, but to keep things as simple as possible I would open the Active Directory Users and Computers tool, dsa.msc. Once the tool is open, I can check the properties of the Administrator user.

You might need to enable the Administrator account as it is disabled by default.

Once the account is enabled, you can reset the password. Just right-click the Administrator account and select the Reset password option.

Last but not least, type in the new administrator password, tick the Unlock the user’s account option (just to be sure) and click OK to confirm the change. Make sure you make a note of the new password; you don’t want to end up in this same situation again in a few months’ time.

When all is good after all this trouble, you can go back and delete the current Utilman.exe file and rename the Utilman.exe.bak file to Utilman.exe. This should restore the original functionality of the Ease of Access tool.
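
A check for the restore step above, as an added example that is not part of the original article: it confirms that Utilman.exe is no longer the Cmd.exe copy and that Utilman.exe.bak is gone. The function names are hypothetical, and it assumes Windows lives under %SystemRoot% and that it is run from a 64-bit PowerShell session.

```powershell
# Added example, not from the original article. Function names are hypothetical.
# Uses only .NET calls so it also works on PowerShell 2.0.
# Run from a 64-bit PowerShell session; a 32-bit session is redirected to SysWOW64.

function Get-Sha256Hex([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Dispose()
    }
}

function Test-UtilmanRestored {
    $sys32    = Join-Path $env:SystemRoot 'System32'
    $utilman  = Join-Path $sys32 'Utilman.exe'
    $cmd      = Join-Path $sys32 'Cmd.exe'
    $backup   = Join-Path $sys32 'Utilman.exe.bak'
    $problems = @()

    if (-not (Test-Path $utilman)) {
        $problems += 'Utilman.exe is missing.'
    } else {
        # Exact copy of the command interpreter still in place.
        if ((Get-Sha256Hex $utilman) -eq (Get-Sha256Hex $cmd)) {
            $problems += 'Utilman.exe is still a byte-for-byte copy of Cmd.exe.'
        }
        # Same embedded original file name: catches a Cmd.exe from another build.
        $u = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($utilman)
        $c = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($cmd)
        if ($u.OriginalFilename -and ($u.OriginalFilename -eq $c.OriginalFilename)) {
            $problems += "Utilman.exe reports the original file name '$($u.OriginalFilename)'."
        }
    }
    if (Test-Path $backup) {
        $problems += 'Utilman.exe.bak is still present; the rename back was not completed.'
    }

    foreach ($p in $problems) { Write-Warning $p }
    return ($problems.Count -eq 0)
}

if (Test-UtilmanRestored) { 'Utilman.exe looks restored.' } else { 'Utilman.exe needs attention.' }
```

The same function can be run periodically on domain controllers, since a Utilman.exe that matches Cmd.exe outside of a planned recovery means someone with physical or console access has made this swap.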