You forgot the domain admin password? This article explains how you can reset the administrator password in a Windows Server 2008 (R2) and Windows Server 2012 (R2) domain.
Profile gravatar of Michael Pietroforte

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.
Profile gravatar of Michael Pietroforte

First of all, you should never work with the “Administrator” account. Each admin should have his own account, for two reasons. First, it makes troubleshooting easier if an admin messes up. Second, if one admin forgets his password, another admin can reset it through Active Directory Users and Computers (ADUC). Whenever you reset a password, however, note that the corresponding account will no longer be able to access passwords stored in Internet Explorer or files that have been encrypted with EFS.

If you forgot the domain admin password, and no other administrator exists in this Windows domain, you can use the procedure below to reset the password. Note that the screenshots are for Windows Server 2012 R2 with Update. However, this guide also works for Windows Server 2012 and Windows Server 2008 R2.

With this password reset method, you have to boot from a second Windows installation. You then have to replace utilman.exe (the Utility Manager with ease-of-use functions such as the Narrator and Magnifier) on a domain controller with the command prompt (cmd.exe). Next, you’ll boot up the machine where you forgot the password, click the Utility Manager icon on the logon screen to launch a command prompt, and then reset the password. Here is the step-by-step guide:

  1. Boot from a Windows Server 2012 R2 DVD (or ISO file in a virtual environment) and click Next when Windows Setup loads.
    Windows Setup
  2. Press SHIFT + F10 to open a command prompt.
    Open command prompt in Windows Setup
  3. At the command prompt, enter:
    Note: On Windows Server 2008 R2, you will most likely have to replace the drive letter d: with c:. If you are unsure about the drive letter, search for the drive that contains the Windows folder. The driver letter for the instance of Windows PE that started Windows Setup is x:.
    Move utilman.exe
  4. Replace utilman.exe with cmd.exe:
    Copy cmd.exe
  5. Remove the boot media from the server and tell Windows PE to reboot:
    wpeutil reboot
  6. Once your domain controller is running again, click the Utility Manager icon.
    Utility Manager icon
  7. At the command prompt that (I hope) opened, reset the domain admin password with this command:
    Reset domain admin password
  8. You can now close the command prompt and log on with the new password. However, mainly for security reasons, I highly recommend restoring the original utilman.exe. For this, you have to again boot Windows Server setup, follow steps 1-2, and then enter:
    (Replace the drive letter if Windows isn’t installed on the d:)
    Restore utilman.exe
  9. After you removed the boot media, you can reboot the server again with
    Password reset complete

Obviously, this procedure can be used by anyone who has physical access to your servers. In my next post I will give you a few tips how you can prevent the Utilman.exe password reset trick.

Take part in our competition and win $100!

Share
0

51 Comments
  1. avatar
    Andrew Hilborne 3 years ago

    Or you can use NTpassword http://pogostick.net/~pnh/ntpasswd/

    0
  2. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 3 years ago

    Andrew, thanks for the tip. I am currently playing with the tool to see if it still works with Windows 8.1. However, I think you can't use ntpasswd to reset a domain admin password because it only allows your to manipulate the SAM database.

    0
  3. avatar
    s 3 years ago

    Hi again,
    I tried following this and it said it moved and copied the files but after rebooting and pressing the utility manager icon, it doesn't open command prompt, it just operates as normal.
    This is a windows 8 tablet, so I'm booting off legacy to boot from a Windows 8 install disk and then changing back to UEFI so that I can boot back into windows normally, would that cause any issues?
    Thanks

    0
  4. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 3 years ago

    I didn't try this procedure on a UEFI PC, but I doubt that this is the problem. It is more likely that you copied utilman.exe to the wrong location. Compare the file sizes of utilman.exe and cmd.exe and check if d:\windows\system32\utilman.exe has the size of cmd.exe after rebooting into the Windows installation where you forgot the password.

    0
  5. avatar
    philip 2 years ago

    Hi, my gf forgot her administrator password so I'm trying to reset it. However I can't see any folders on the hard drive and I can't go to the windows directory. Any ideas what is it that I could be doing wrong?

    0
  6. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 2 years ago

    philip, try a different drive letter.

    0
  7. avatar
    Carlos Lamb 2 years ago

    Hello Michael,

    This allows us to reset the password for a local user account. Do you have instructions for how to change a domain admin account?

    0
  8. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 2 years ago

    Carlos, it this for a domain account. It didn't work for you?

    0
  9. avatar
    Rashmiranjan 2 years ago

    It is working fine.Thanks Michael

    0
  10. avatar
    alina 2 years ago

    i don't know my pasworddd!!!!!!!!!!!

    WHAT IS IT

    0
  11. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 2 years ago

    Try pasworddd!!!!!!!!!!! 😉

    0
  12. avatar
    abdul ahad 2 years ago

    Hi Micheal,

    i have an issue.. whenever i type this command

    move d:\windows\system32\utilman.exe d:\windows\system32\utilman.exe.bak

    it gives me error.

    THE SYSTEM CANNOT FIND THE PATH SPECIFIED.

    I tried using different disk letters but didnt work.. plz help.

    0
  13. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 2 years ago

    abdul, your Windows installation is probably on another drive. Try the dive letter c: instead of d:

    0
  14. avatar
    anathi 2 years ago

    Hy ive got an interview IBM thinkpad which i got from my brother, so i decided to delete some unnecessary files. On it then it asked for being rebooted. And so i did, after it askd for an administrator password which even my brother. Didn't. Know so please help dont you atleast have. A hacking password?

    0
  15. avatar
    sagar 2 years ago

    thanks for your valuable information. i have successfully reset administrator passwords and it is very useful once again thanks.

    0
  16. avatar
    zeon 2 years ago

    my system32 folder does not have Utilman.exe what other file could be its alternative.

    0
  17. avatar
    Jan 2 years ago

    Thanks a lot.
    This worked great to recover my test domain administrator password.
    I was geussing longer than it took to change it. 😉

    0
  18. avatar
    felicia 2 years ago

    Hi. I tried to follow the steps of reset my administrator password. I got to the stage of the cmd. when I type the c: it says the syntax of the command is incorrect then I further try other letter but still giving me the same problem. Can anyone please help me solve this problem

    0
  19. avatar
    felicia 2 years ago

    When I type move d: \windows\system32\utilman.exe it says " is not recognised as an internal or external command, operable program or batch file. I need some directions please

    0
  20. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 2 years ago

    felica, there should be no blank after d:

    0
  21. avatar
    felicia 2 years ago

    Hello Michael,
    I did exactly as you advised but I still have the same problem. is there any other possible ways to locate my c or d drive? I tried all means but to no avail

    0
  22. avatar
    Sriram 2 years ago

    I tried doing this. D:\ is mapped as the CD-drive on this. Our professor has setup virtual machines for all of us and we had to install windows 2012 on them. I think we used a virtual HDD for this. Because bios shows - VMware Virtual SCSI Hard Drive (0:0). Im not able to find system32 on any drive except x:\sources\windows\system32 but when i use that, the cmd doesnt pop up on reboot.

    Please help!

    0
  23. avatar
    Tony 2 years ago

    Will this method work with Windows 8. Will I loose any files because I locked my father's domail connected laptop.

    0
  24. avatar
    tony 2 years ago

    sir
    can yo explain what you have done in step 1 and how to get windows server 2012 and how to boot it.

    0
  25. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 2 years ago

    Tony, yes the method works with Windows 8. If you encrypted files with EFS with this , you will be unable to decrypt after resetting the password.

    tony, you can use any Windows boot medium. You can download the Windows 10 ISO and put it on a bootable USB stick. If you are not an IT pro, you better ask for help.

    0
  26. avatar
    mary grace 2 years ago

    Sir I tried ur method but after typing "net user administrator * "
    I got a reply of the user ddnt found and NET HELPMSG 2221

    0
  27. avatar
    Omar 2 years ago

    Thanks worked like a charm on windows 2012 server.

    0
  28. avatar
    Robert 2 years ago

    Does not work with Win Server 2012 R2

    0
  29. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 2 years ago

    Works well with Windows Server 2012 R2.

    0
  30. avatar
    Hossein 2 years ago

    Thanks a lot... wonderful documentary ... it also works with windows server 2008 R2. just in last step instead of net user administrator * it is better to type dsa.msc

    Thanks again

    0
  31. avatar
    Shiyas P M 1 year ago

    Hello, I went to reset my Administrator password via repair your computer mode , in Command prompt i cant get Windows drive .so i cant reset Administrator password. how to solve to view Windows installed drive in 2008 r2.

    0
  32. avatar
    spc 1 year ago

    Thanks Michael....these steps worked for me....
    Thank you so much

    0
  33. avatar
    Dave_Fox 1 year ago

    Michael, you are a genious! This worked exactly as you said it would and has saved me an incredible amount of time! I can't thank you enough!

    0
  34. avatar
    Arnaud 1 year ago

    Thanks so much for the tip 5mn top to reset the domain admin password.
    MAGIC !

    0
  35. avatar
    Anonymous 1 year ago

    Great...

    0
  36. avatar
    Mads Jensen 1 year ago

    Thank you, worked for me on Windows Server 2012 R2 domain admin.

    1+
  37. avatar
    sherah 1 year ago

    Hello.. Y is it that my command prompt appear only narrator etc..
    No other link..so how can i change user password,i forgot the domain pw.

    0
  38. avatar
    ElSAO 1 year ago

    Thanks Michael

    It works with Windows 2012 AD, I change the Domain Admin password and it was replicated to all DC.

    Thanks my friend from Tijuana Mexico

    0
  39. avatar
    Peter Camps 10 months ago

    Worked like a charm on Server 2012R2, nice article!

    0
  40. avatar
    Fabio 10 months ago

    Thank you for the trick

    It saved me

    0
  41. avatar
    JRidge 10 months ago

    Good job. Very nice...

    0
  42. avatar
    Gavin 9 months ago

    Im actually amazed that this works!

    However, can confirm on a 2012R2 domain controller. Very well done, thanks.

    Gavin.

    1+
  43. avatar
    kamal 9 months ago

    Thanks Michael, it worked!!!

    0
  44. avatar
    Dark Star 8 months ago

    Thank you VERY much, Michael.  It worked once I actually let go of the automatic habit of "net use" and actually did "net user" :-)!

    0
  45. avatar
    cszolee 3 months ago

    2012R2 DC, works.

    Thank you, Michael.

    0
  46. avatar
    Don 3 weeks ago

    Hi, Can you help me? My case is a bit different. I gave my personal laptop to install/ put on office domain. I quit my job. Moved to another country where I was given a domain connected laptop at my new job. Now its been years... now I dont remember my old login or password. I thought I could clean the laptop and give it to my young nephew just to play games...After all it has 6gb ram and 300 gb hdd. I have the original windows 7 key but it runs on Windows XP as per my previous domain requirements...I tried to log in with whatever left of my memory...it keeps saying "the system cannot log you on now because the domain **** is not availabe." There are 3 option in "Log on to" drop down menu 1) intranet 2) domain 3) this computer. I tried logging in locally too but had no success. It seems the internal drive is also password protected. The laptop is rightfully mine but I have no Idea what to do with it. can you suggest me some way?

    1+
    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 3 weeks ago

      If the internal drive is password protected, there is not much you can do. You you can try reinstalling Windows, but if you don't don't have the BIOS password, this might fail. There are hacking tools for various laptop models that allow you to manipulate the BIOS. However, this is only something for geeks. Another option is to bring the laptop to the manufacturer support. They probably can reset the BIOS and then you can either follow the procedure described in this post or reinstall Windows.

      0
  47. Profile gravatar of Paolo Maffezzoli
    Paolo Maffezzoli 3 weeks ago

    You can try to unlock/force the local admin password using some tool. I suggest to take a look Hiren's Boot CD. It is a well know tool collections that us a windows pe running on notable USB. It has also some passwords tools that can help you. For example you can use the NTPWedit and reset the local admin pwd. But as already explained by Michael, the hard disk password is more problematic and there is not an easy solution for this pwd.

    0
  48. Profile gravatar of Paolo Maffezzoli
    Paolo Maffezzoli 3 weeks ago

    Forgotten to mention the full link : Hiren's BootCD

     

    0
  49. avatar
    Don 3 weeks ago

    Hi guys, Thanks for the replies. Mike you were right. Fortunately there wasn't any bios password...i had misunderstood it. As you suggested i bought a new Windows 8 key...something cheap from eBay and downloaded an iso and installed it. Its a squeaky clean new laptio now. Thanks mate. Appreciate it. Thank to Paolo too...

    0
  50. avatar

    Well this in fantastic. After the cmd try mmc.exe and add the snapin active directory and users. Gess what .????

    This is brutal.

     

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account