Change Domain admin password

Berwill

I would like to change my Domain admin password. It was set up long before I took over this position and is a pretty simple password. My concern is everything that uses that login, services etc., not working afterwards.
Being the same password for all my servers, I don't want to change it and then suddenly be locked out of something or have things suddenly stop working. So I need to change it but am concerned about this happening.
Here is what I have:
2 Server 2003 file servers ( Both are AD, file, and print servers ) 1 per physical location
1 server 2000 file server
1 server 2003 mail server ( IBM Domino )
All on a Domain
Active Directory
Multiple folders, printers shared.

Any advice would be great.
Thanks,
Will
 
No chance. These are older servers and adequate for what they are doing, I would replace them before upgrading the OS.
How would that matter?
Will
 
Best advice.

Go back and do it all again properly.

Set up some accounts for use by the services and then go around and change the logon accounts for the services in the control panel.

Once you've stopped the use of the administrator password over the domain then you should be able to change it.
 
I am afraid I am not following.
setup some accounts for use by the services? change the logon accounts for the services?
So I take it I could not just reset the password on Domain Admin, that would cause a problem?
Will
 
OK...

You've got a domain admin password,
and you've got services, say a web server and a SQL server, on machines that start authenticated as that domain admin.

What you need to do is create a new user in your Active Directory domain called WebUser and one called SQLUser.

Then you need to look at the services in the advanced control panel and change the account to start up as these services to one of the users that you have just added. Once you've made sure that there is nothing critical starting as the domain admin, then you can change the domain admin password.
 
Root,
I thought this might help make it clearer, this is what I found for the processes.
If I created a new user like Webuser and used that in the processes would they need to have the same rights as the Domain Admin?
Instead of setting up a new user and changing the process to that user could I just reset the Domain Admin password and then reset the passwords in the processes?

Mine say Log on as:
Local system account

Or:
This account - NT Authority\Localservice ( And a password )
NT Authority\Networkservice
.\Administrator
berwin(Domain name)\Administrator

Thanks,
Will
 
Sure, you can change your administrator account's password.

Wait for stuff to break and then go round resetting the password for the services on all the boxes that have processes starting as administrator, all scheduled tasks starting as administrator, etc...

Fundamentally though, for really good security you should be changing your administrator password on a regular basis.

Do you really want to be changing the password for service logins every time you change your admin password?
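
An added example, not part of the original thread: instead of waiting for things to break, the services and scheduled tasks that log on as Administrator can be listed before the password is changed. This Windows PowerShell sketch is run from an admin workstation; the server names are hypothetical placeholders, and the scheduled-task part assumes English-language `schtasks` column headers and a target that answers remote `schtasks` queries.

```powershell
# Hypothetical server names; replace with the real file, print and mail servers.
$servers = 'FILESRV1', 'FILESRV2', 'FILESRV2000', 'MAILSRV'

# Matches BERWIN\Administrator, .\Administrator and Administrator@domain.
# On a domain controller, .\Administrator is the domain Administrator account.
$pattern = '(^|\\)Administrator(@|$)'

$report = foreach ($server in $servers) {
    # Services: Win32_Service.StartName holds the "Log on as" account.
    try {
        Get-WmiObject -Class Win32_Service -ComputerName $server -ErrorAction Stop |
            Where-Object { $_.StartName -match $pattern } |
            Select-Object @{n='Server'; e={$server}},
                          @{n='Type';   e={'Service'}},
                          Name,
                          @{n='RunsAs'; e={$_.StartName}},
                          StartMode, State
    } catch {
        Write-Warning "${server}: service query failed: $($_.Exception.Message)"
    }

    # Scheduled tasks: verbose CSV output includes a "Run As User" column.
    $csv = schtasks.exe /query /s $server /fo csv /v 2>$null
    if ($LASTEXITCODE -eq 0 -and $csv) {
        $csv | ConvertFrom-Csv |
            # Skip repeated header rows, keep tasks running as Administrator.
            Where-Object { $_.TaskName -ne 'TaskName' -and
                           $_.'Run As User' -match $pattern } |
            Select-Object @{n='Server';    e={$server}},
                          @{n='Type';      e={'Task'}},
                          @{n='Name';      e={$_.TaskName}},
                          @{n='RunsAs';    e={$_.'Run As User'}},
                          @{n='StartMode'; e={''}},
                          @{n='State';     e={$_.Status}}
    } else {
        Write-Warning "${server}: scheduled task query failed, check it by hand"
    }
}

# Everything listed here needs a dedicated account or a password update.
$report | Sort-Object Server, Type, Name | Format-Table -AutoSize
```

Services shown as Local System, NT AUTHORITY\LocalService or NT AUTHORITY\NetworkService do not appear in the report because they do not use the Administrator password.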
 
Ok, in trying to get this straight I think I made it worse.
I do want to change it regularly, being this is the first time I have done this I want to minimize the risk as much as possible so that if I change it and missed something I don't have to make a $250 call to Microsoft to get things working again.
I am going to have to read through the posts and try to sort it out, I really don't want it to come to a "leap of faith".
I appreciate everyone's input though.

Will
 