How to break domain administrator password

Recovering or resetting a password can be a tedious job requiring the purchase of dodgy tools that promise you everything, but you’ll never know if they deliver until you’ve bought them. This blog shows how I reset my Windows 2012 domain administrator password in under 2 minutes without any third-party tools, just by using the Microsoft tooling that you have at hand. It’s pretty amazing to think that with access to a server you can reset any password within 2 minutes. Of course we are using recovery tools that are available by default, but with so many administrators having access to servers in a datacenter this could still be an issue. That is for the architects to worry about; for now I will show you how this works: changing the domain admin password in 2 minutes.

Damn I forgot the password of my domain administrator account

We’ve all been there: damn, I forgot my password.

Two weeks ago my lab environment forced me to change my password. I’m sure I thought well about it and chose something that was logical to me. Just after that the flu caught up with me and I was out for about a week. Coming back to work I started my lab and, with much confidence, entered my password, then the other one, and one more combination… sweat appearing on my forehead. No, not at this moment!

Stuck at this point, I was getting frustrated with my failure to document anything related to my own lab environment. Where I document everything at customers, I never document anything at home… I will start right now.

For now I had to find a solution to get my password back and the only solution was to use Windows tooling for I will not pay for any other tools.

So I connected the ISO file with the Windows 2012 source files to the virtual machine.

I shut down the virtual machine and powered it on, choosing power to BIOS.

After powering on the BIOS appears, make sure the CD drive is set as first boot device.

Then shut down the server again and start it once more (make sure the ISO is connected).

Press any key to start from the CD and wait for the Windows 2012 installation to start.

You will see the same steps you saw when you installed the server the first time. Perhaps there is an easier way to do this, but this worked for me.

I clicked Next, leaving everything at its default, for I’m not going to install any server now.

The next screen shows you the option to install the server. DO NOT CLICK THAT!

At the bottom left of the screen is the option to repair the server, below is a very large picture of that. Click on “Repair your computer”.

You will now be taken to the Repair section of Windows.
There are some options there, but Troubleshoot is the most logical one to choose, so click Troubleshoot.

We’ve now come to the Advanced options section, where you have two options: system image recovery and a command prompt. Hey, that was what I was looking for, so click it.

The command prompt opens… in X:\Sources.

Your Windows installation is now secondary, so you will have to change to D:\Windows\System32 to get to the system files.

When you are in D:\Windows\System32 you have to execute the following commands.

Copy UTILMAN.EXE UTILMAN.EXE.BAK

Move CMD.EXE UTILMAN.EXE

Press Y when asked to replace the file.

Now you can start the server normally and wait for the logon screen.

After you see the welcome screen, hold the Windows key and press “U”.

The command box pops up.

In that command box you can enter the following command to reset the password of the administrator account, or of any other account.

NET USER Administrator "new password"

You’ve just changed the Administrator password, and since this is a domain controller the domain admin password is changed. It’s recovered.

Of course, at this point you have some files that are renamed or changed, and you need to change them back: as long as utilman.exe is really cmd.exe, anyone at the logon screen can open that command box. So start the server from the installation media again and follow the steps into the repair section until you have a CMD screen open. Navigate to D:\Windows\System32.

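Now run the following commands. REN refuses to rename onto a file that already exists, so the swapped UTILMAN.EXE has to be deleted once it has been copied back to CMD.EXE.

Copy UTILMAN.EXE CMD.EXE
DEL UTILMAN.EXE
REN UTILMAN.EXE.BAK UTILMAN.EXE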

Accept the changes and you’re done…
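To confirm that the restore left System32 clean, or to audit other servers for a leftover swap, the check below looks for the traces this procedure leaves behind. It is an added example, not part of the original post; the function name Test-UtilmanSwap is hypothetical, and it assumes PowerShell 4.0 or later (for Get-FileHash).

```powershell
# Added example: audit a System32 directory for the utilman.exe swap.
# Works on the live system, or on an offline/mounted volume by passing
# -System32 'D:\Windows\System32'.
function Test-UtilmanSwap {
    [CmdletBinding()]
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'utilman.exe.bak'
    $findings = New-Object System.Collections.Generic.List[string]

    if (Test-Path -LiteralPath $utilman) {
        # The PE version resource travels with the file content, so a
        # renamed cmd.exe still reports cmd's original file name.
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -match '^cmd\.exe') {
            $findings.Add("utilman.exe reports OriginalFilename '$orig'")
        }
        # If cmd.exe is present, identical hashes mean one is a copy of the other.
        if (Test-Path -LiteralPath $cmd) {
            $h1 = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
            $h2 = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
            if ($h1 -eq $h2) { $findings.Add('utilman.exe is byte-identical to cmd.exe') }
        }
    } else {
        $findings.Add('utilman.exe is missing')
    }

    # The procedure above moves cmd.exe rather than copying it.
    if (-not (Test-Path -LiteralPath $cmd)) {
        $findings.Add('cmd.exe is missing')
    }
    if (Test-Path -LiteralPath $backup) {
        $findings.Add('utilman.exe.bak is present')
    }

    [pscustomobject]@{
        System32 = $System32
        Tampered = ($findings.Count -gt 0)
        Findings = $findings.ToArray()
    }
}

Test-UtilmanSwap | Format-List
```

After a correct restore, Tampered is False and Findings is empty.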

Good luck recovering your passwords.


How can I break my computer administrator password?

Easy Steps to Use CMD to Crack Administrator Password
Step 1: Launch the CMD from Windows recovery disk or the other admin account.
Step 2: Type in the "net user" command. It will show you all the accounts on your PC.
Step 3: See the admin account whose password you want to crack.

How can I remove domain without administrator password?

How to Unjoin a Domain Without the Administrator Password:
Click "Start" and right-click on "Computer." Select "Properties" from the drop-down menu of options. ...
Click "Advanced System Settings."
Click the "Computer Name" tab.
Click the "Change" button at the bottom of the "Computer Name" tab window.

Can domain administrator be locked out?

The domain administrator account cannot be locked out. Windows may generate "false" lockout events triggered by changes that could potentially cause this account lockout based on your account policies.