Special Local Admin Passwords on Domain Controllers

Windows Domain Controllers have a special Recovery Console that is accessible with a special local administrator password. A good document for this is on Petri at http://www.petri.co.il/change_recovery_console_password.htm. This password can be reset with the “ntdsutil” tool and steps similar to these:

  • ntdsutil
  • set dsrm password
  • reset password on server null
  • “quit” twice to exit

In addition to the recovery console, a new local administrator password will be set when a Domain Controller is “demoted” using the “dcpromo” tool. During demotion, a prompt appears allowing you to set the local admin password that will be required to login after the DC is no longer part of a domain.

Just some hints for when you’re working on a DC with the recovery console or after demoting.

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s