You forgot the domain admin password? This article explains how you can reset the administrator password in a Windows Server 2008 (R2) and Windows Server 2012 (R2) domain.

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.

First of all, you should never work with the “Administrator” account. Each admin should have his own account, for two reasons. First, it makes troubleshooting easier if an admin messes up. Second, if one admin forgets his password, another admin can reset it through Active Directory Users and Computers (ADUC). Whenever you reset a password, however, note that the corresponding account will no longer be able to access passwords stored in Internet Explorer or files that have been encrypted with EFS.

If you forgot the domain admin password, and no other administrator exists in this Windows domain, you can use the procedure below to reset the password. Note that the screenshots are for Windows Server 2012 R2 with Update. However, this guide also works for Windows Server 2012 and Windows Server 2008 R2.

With this password reset method, you have to boot from a second Windows installation. You then have to replace utilman.exe (the Utility Manager with ease-of-use functions such as the Narrator and Magnifier) on a domain controller with the command prompt (cmd.exe). Next, you’ll boot up the machine where you forgot the password, click the Utility Manager icon on the logon screen to launch a command prompt, and then reset the password. Here is the step-by-step guide:

  1. Boot from a Windows Server 2012 R2 DVD (or ISO file in a virtual environment) and click Next when Windows Setup loads.
    Windows Setup
  2. Press SHIFT + F10 to open a command prompt.
    Open command prompt in Windows Setup
  3. At the command prompt, enter:

    Note: On Windows Server 2008 R2, you will most likely have to replace the drive letter d: with c:. If you are unsure about the drive letter, search for the drive that contains the Windows folder. The driver letter for the instance of Windows PE that started Windows Setup is x:. (Update: As mentioned by Chidi, you can run the diskpart command and then on the displart prompt, you can enter the list vol command to get an overview of the available drives. The system drive should be labeled accordingly.)
    Move utilman.exe
  4. Replace utilman.exe with cmd.exe:

    Copy cmd.exe
  5. Remove the boot media from the server and tell Windows PE to reboot:

    wpeutil reboot
  6. Once your domain controller is running again, click the Utility Manager icon.
    Utility Manager icon
  7. At the command prompt that (I hope) opened, reset the domain admin password with this command:

    Reset domain admin password
  8. You can now close the command prompt and log on with the new password. However, mainly for security reasons, I highly recommend restoring the original utilman.exe. For this, you have to again boot Windows Server setup, follow steps 1-2, and then enter:

    (Replace the drive letter if Windows isn’t installed on the d:)
    Restore utilman.exe
  9. After you removed the boot media, you can reboot the server again with

    Password reset complete

Obviously, this procedure can be used by anyone who has physical access to your servers. In my next post I will give you a few tips how you can prevent the Utilman.exe password reset trick.

Win the monthly 4sysops member prize for IT pros

Share
1+

64 Comments
  1. Andrew Hilborne 3 years ago

    Or you can use NTpassword http://pogostick.net/~pnh/ntpasswd/

    0

  2. Michael Pietroforte 3 years ago

    Andrew, thanks for the tip. I am currently playing with the tool to see if it still works with Windows 8.1. However, I think you can't use ntpasswd to reset a domain admin password because it only allows your to manipulate the SAM database.

    0

  3. s 3 years ago

    Hi again,
    I tried following this and it said it moved and copied the files but after rebooting and pressing the utility manager icon, it doesn't open command prompt, it just operates as normal.
    This is a windows 8 tablet, so I'm booting off legacy to boot from a Windows 8 install disk and then changing back to UEFI so that I can boot back into windows normally, would that cause any issues?
    Thanks

    0

  4. Michael Pietroforte 3 years ago

    I didn't try this procedure on a UEFI PC, but I doubt that this is the problem. It is more likely that you copied utilman.exe to the wrong location. Compare the file sizes of utilman.exe and cmd.exe and check if d:\windows\system32\utilman.exe has the size of cmd.exe after rebooting into the Windows installation where you forgot the password.

    0

  5. philip 3 years ago

    Hi, my gf forgot her administrator password so I'm trying to reset it. However I can't see any folders on the hard drive and I can't go to the windows directory. Any ideas what is it that I could be doing wrong?

    0

  6. Michael Pietroforte 3 years ago

    philip, try a different drive letter.

    0

  7. Carlos Lamb 2 years ago

    Hello Michael,

    This allows us to reset the password for a local user account. Do you have instructions for how to change a domain admin account?

    0

  8. Michael Pietroforte 2 years ago

    Carlos, it this for a domain account. It didn't work for you?

    0

  9. Rashmiranjan 2 years ago

    It is working fine.Thanks Michael

    0

  10. alina 2 years ago

    i don't know my pasworddd!!!!!!!!!!!

    WHAT IS IT

    0

  11. Michael Pietroforte 2 years ago

    Try pasworddd!!!!!!!!!!! 😉

    0

  12. abdul ahad 2 years ago

    Hi Micheal,

    i have an issue.. whenever i type this command

    move d:\windows\system32\utilman.exe d:\windows\system32\utilman.exe.bak

    it gives me error.

    THE SYSTEM CANNOT FIND THE PATH SPECIFIED.

    I tried using different disk letters but didnt work.. plz help.

    0

  13. Michael Pietroforte 2 years ago

    abdul, your Windows installation is probably on another drive. Try the dive letter c: instead of d:

    0

  14. anathi 2 years ago

    Hy ive got an interview IBM thinkpad which i got from my brother, so i decided to delete some unnecessary files. On it then it asked for being rebooted. And so i did, after it askd for an administrator password which even my brother. Didn't. Know so please help dont you atleast have. A hacking password?

    0

  15. sagar 2 years ago

    thanks for your valuable information. i have successfully reset administrator passwords and it is very useful once again thanks.

    0

  16. zeon 2 years ago

    my system32 folder does not have Utilman.exe what other file could be its alternative.

    0

  17. Jan 2 years ago

    Thanks a lot.
    This worked great to recover my test domain administrator password.
    I was geussing longer than it took to change it. 😉

    0

  18. felicia 2 years ago

    Hi. I tried to follow the steps of reset my administrator password. I got to the stage of the cmd. when I type the c: it says the syntax of the command is incorrect then I further try other letter but still giving me the same problem. Can anyone please help me solve this problem

    1+

  19. felicia 2 years ago

    When I type move d: \windows\system32\utilman.exe it says " is not recognised as an internal or external command, operable program or batch file. I need some directions please

    0

  20. Michael Pietroforte 2 years ago

    felica, there should be no blank after d:

    0

  21. felicia 2 years ago

    Hello Michael,
    I did exactly as you advised but I still have the same problem. is there any other possible ways to locate my c or d drive? I tried all means but to no avail

    0

  22. Sriram 2 years ago

    I tried doing this. D:\ is mapped as the CD-drive on this. Our professor has setup virtual machines for all of us and we had to install windows 2012 on them. I think we used a virtual HDD for this. Because bios shows - VMware Virtual SCSI Hard Drive (0:0). Im not able to find system32 on any drive except x:\sources\windows\system32 but when i use that, the cmd doesnt pop up on reboot.

    Please help!

    0

  23. Tony 2 years ago

    Will this method work with Windows 8. Will I loose any files because I locked my father's domail connected laptop.

    0

  24. tony 2 years ago

    sir
    can yo explain what you have done in step 1 and how to get windows server 2012 and how to boot it.

    0

  25. Michael Pietroforte 2 years ago

    Tony, yes the method works with Windows 8. If you encrypted files with EFS with this , you will be unable to decrypt after resetting the password.

    tony, you can use any Windows boot medium. You can download the Windows 10 ISO and put it on a bootable USB stick. If you are not an IT pro, you better ask for help.

    0

  26. mary grace 2 years ago

    Sir I tried ur method but after typing "net user administrator * "
    I got a reply of the user ddnt found and NET HELPMSG 2221

    0

  27. Omar 2 years ago

    Thanks worked like a charm on windows 2012 server.

    0

  28. Robert 2 years ago

    Does not work with Win Server 2012 R2

    0

  29. Michael Pietroforte 2 years ago

    Works well with Windows Server 2012 R2.

    0

  30. Hossein 2 years ago

    Thanks a lot... wonderful documentary ... it also works with windows server 2008 R2. just in last step instead of net user administrator * it is better to type dsa.msc

    Thanks again

    0

  31. Shiyas P M 2 years ago

    Hello, I went to reset my Administrator password via repair your computer mode , in Command prompt i cant get Windows drive .so i cant reset Administrator password. how to solve to view Windows installed drive in 2008 r2.

    0

  32. spc 2 years ago

    Thanks Michael....these steps worked for me....
    Thank you so much

    0

  33. Dave_Fox 2 years ago

    Michael, you are a genious! This worked exactly as you said it would and has saved me an incredible amount of time! I can't thank you enough!

    0

  34. Arnaud 2 years ago

    Thanks so much for the tip 5mn top to reset the domain admin password.
    MAGIC !

    0

  35. Anonymous 2 years ago

    Great...

    0

  36. Mads Jensen 1 year ago

    Thank you, worked for me on Windows Server 2012 R2 domain admin.

    1+

  37. sherah 1 year ago

    Hello.. Y is it that my command prompt appear only narrator etc..
    No other link..so how can i change user password,i forgot the domain pw.

    0

  38. ElSAO 1 year ago

    Thanks Michael

    It works with Windows 2012 AD, I change the Domain Admin password and it was replicated to all DC.

    Thanks my friend from Tijuana Mexico

    0

  39. Peter Camps 1 year ago

    Worked like a charm on Server 2012R2, nice article!

    0

  40. Fabio 1 year ago

    Thank you for the trick

    It saved me

    0

  41. JRidge 1 year ago

    Good job. Very nice...

    0

  42. Gavin 1 year ago

    Im actually amazed that this works!

    However, can confirm on a 2012R2 domain controller. Very well done, thanks.

    Gavin.

    1+

  43. kamal 1 year ago

    Thanks Michael, it worked!!!

    0

  44. Dark Star 12 months ago

    Thank you VERY much, Michael.  It worked once I actually let go of the automatic habit of "net use" and actually did "net user" :-)!

    0

  45. cszolee 7 months ago

    2012R2 DC, works.

    Thank you, Michael.

    0

  46. Don 5 months ago

    Hi, Can you help me? My case is a bit different. I gave my personal laptop to install/ put on office domain. I quit my job. Moved to another country where I was given a domain connected laptop at my new job. Now its been years... now I dont remember my old login or password. I thought I could clean the laptop and give it to my young nephew just to play games...After all it has 6gb ram and 300 gb hdd. I have the original windows 7 key but it runs on Windows XP as per my previous domain requirements...I tried to log in with whatever left of my memory...it keeps saying "the system cannot log you on now because the domain **** is not availabe." There are 3 option in "Log on to" drop down menu 1) intranet 2) domain 3) this computer. I tried logging in locally too but had no success. It seems the internal drive is also password protected. The laptop is rightfully mine but I have no Idea what to do with it. can you suggest me some way?

    1+

    • Author
      Michael Pietroforte 5 months ago

      If the internal drive is password protected, there is not much you can do. You you can try reinstalling Windows, but if you don't don't have the BIOS password, this might fail. There are hacking tools for various laptop models that allow you to manipulate the BIOS. However, this is only something for geeks. Another option is to bring the laptop to the manufacturer support. They probably can reset the BIOS and then you can either follow the procedure described in this post or reinstall Windows.

      0

  47. Paolo Maffezzoli 5 months ago

    You can try to unlock/force the local admin password using some tool. I suggest to take a look Hiren's Boot CD. It is a well know tool collections that us a windows pe running on notable USB. It has also some passwords tools that can help you. For example you can use the NTPWedit and reset the local admin pwd. But as already explained by Michael, the hard disk password is more problematic and there is not an easy solution for this pwd.

    0

  48. Paolo Maffezzoli 5 months ago

    Forgotten to mention the full link : Hiren's BootCD

     

    0

  49. Don 5 months ago

    Hi guys, Thanks for the replies. Mike you were right. Fortunately there wasn't any bios password...i had misunderstood it. As you suggested i bought a new Windows 8 key...something cheap from eBay and downloaded an iso and installed it. Its a squeaky clean new laptio now. Thanks mate. Appreciate it. Thank to Paolo too...

    0

  50. João Félix Moreira 4 months ago

    Well this in fantastic. After the cmd try mmc.exe and add the snapin active directory and users. Gess what .????

    This is brutal.

     

    0

  51. Paolo 4 months ago

    Works fine.

    w2012 r2 boot cd on w2008 r2 DC

    Thanks

    0

  52. sameh 4 months ago

    Hi,

    i tried to locate the windows drive,  i couldn't found it, i tired D: E: F: G: .... with the same msg " the system cannot find the drive specified", for information, the windows is working from the harddisk find, so the hard disk is connected and have no problem, the only drive that i can see is C: through CMD, but its the external hard disk connected via USB port and its not includes the windows file!!!

    can you help me  🙁

     

    0

    • Author
      Michael Pietroforte 4 months ago

      Maybe the system drive is encrypted? In that case, you can't do anything and reinstall.

      0

  53. N. Schultz 3 months ago

    It worked on my 2012 R2 Essentials domain in my home lab running on ESXi 6.5 fully patched.
    Thank you for sharing this extremely useful information!

    0

  54. Chidi Iwuoha 3 months ago

    Hi Michael,i think the only thing missing is that you forget to mention entering "diskpart" first by typing diskpart on the prompt and press Enter.
    Thereafter, they should type "list vol" and press Enter to see the drive letters for each of the drives available.
    Make a note of the drive letter assigned by the WinRE environment - it may not be C: or D:
    Type "exit" and press Enter - The command prompt will return to the X:\Sources> prompt and you can continue with the steps...

    1+

  55. Andy 3 months ago

    Thanks for the detailed procedure.

    What are the security implications of not "re-copying" the original utilman.exe? Can you elaborate on that?

    Cheers,

    Andy

    0

    • Author
      Michael Pietroforte 3 months ago

      Well, isn't that obvious? If you don't restore utilman.exe, anyone who has physical access to the computer can reset passwords without even having to boot boot from external media.

      2+

  56. Tony 3 months ago

    need help method appears successful but still getting the wrong username or password (i use this method after being locked off my server via intrusion) Win Serv. 2012R2

    0

  57. Suri 4 weeks ago

    Excellent .. Worked for me. Thnx
    I just replace the drive letter from D: to E: as it is Win2k12 OS

    0

  58. invalidNick 5 days ago

    My problem is that when i run the diskpart command it doesnt find any volumes, any tip on this?

    0

    • Author

      Can you see the disks with the list disk command after you launched diskpart? Maybe your volumes are encrypted?

      0

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account