So some how, and I won’t judge, you don’t have the user name and or password of an Active Directory domain administrator account and you need into that system. Your typical Windows password resetting utilities won’t work. This is because tbhe domain user accounts and passwords are not in the systems registry like they are in Windows 7, for example, but are in Active Directory.
Ok so if your like me you don’t need the talk; your server is down because you don’t have a password and you have users or management breathing down your neck asking every five minutes if you got the server back up.
Go grab your OS install disk and follow the steps below.
1. Boot to the install disk.
2. Select your language.
3. Click the link to take you to the repair tools/console, Repair you computer.
4. Select your installation you want to repair.
5. Launch the command prompt.
6. Change to the System32 directory in the Windows install directory, e.g., D:\Windows\System32.
7. Run this command: copy utilman.exe utilman.bak to make a backup of utilman.exe.
8. Run this command: copy cmd.exe utilman.exe to replace utilman.exe with cmd.exe.
9. Pop the install cd out of the system.
10. Run this command: shutdown -r -t 0 to reboot the system.
11. Once your system is done booting and your at the logon screen.
12. Click the icon in the bottom left that looks like a clock or press the Windows key + U to launch the Ease of Access wizard. But wait … what’s this. It’s not the Ease of Access wizard but a command prompt running as the SYSTEM account.
13. After you settle the evil scientist laugh that’s going on in your head run this command: net user to get a list of users, handy if you don’t know the user name of a domain admin account.
14. Run this command: net user <username> to reset the password of that account to something you know. Now you will still have to meet the password complexity requirements, if there are any, a good one to use night be $top4G3t!ngP@$$w0rd$.
15. Close the command window and logon with your reset account and password.
16. Be a good little boy / girl and undo the hack you just did. Delete the cmd version of utilman, set the password to something you will remember, only one person knows, and strong.
17. Write down the password and secure it in a safe or something.
You can use this same method when your Windows 7 users forgot the password as well. Bellow you will find a video I made of a practical demonstration of this technique.