You forgot the domain admin password? This article explains how you can reset the administrator password in a Windows Server 2008 (R2) and Windows Server 2012 (R2) domain.

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

First of all, you should never work with the “Administrator” account. Each admin should have his own account, for two reasons. First, it makes troubleshooting easier if an admin messes up. Second, if one admin forgets his password, another admin can reset it through Active Directory Users and Computers (ADUC). Whenever you reset a password, however, note that the corresponding account will no longer be able to access passwords stored in Internet Explorer or files that have been encrypted with EFS.

If you forgot the domain admin password, and no other administrator exists in this Windows domain, you can use the procedure below to reset the password. Note that the screenshots are for Windows Server 2012 R2 with Update. However, this guide also works for Windows Server 2012 and Windows Server 2008 R2.

With this password reset method, you have to boot from a second Windows installation. You then have to replace utilman.exe (the Utility Manager with ease-of-use functions such as the Narrator and Magnifier) on a domain controller with the command prompt (cmd.exe). Next, you’ll boot up the machine where you forgot the password, click the Utility Manager icon on the logon screen to launch a command prompt, and then reset the password. Here is the step-by-step guide:

  1. Boot from a Windows Server 2012 R2 DVD (or ISO file in a virtual environment) and click Next when Windows Setup loads.
    Windows Setup
  2. Press SHIFT + F10 to open a command prompt.
    Open command prompt in Windows Setup
  3. At the command prompt, enter:

    Note: On Windows Server 2008 R2, you will most likely have to replace the drive letter d: with c:. If you are unsure about the drive letter, search for the drive that contains the Windows folder. The drive letter for the instance of Windows PE that started Windows Setup is x:. (Update: As mentioned by Chidi, you can run the diskpart command and then, at the diskpart prompt, enter the list vol command to get an overview of the available drives. The system drive should be labeled accordingly.)
    Move utilman.exe
  4. Replace utilman.exe with cmd.exe:

    Copy cmd.exe
  5. Remove the boot media from the server and tell Windows PE to reboot:

    wpeutil reboot
  6. Once your domain controller is running again, click the Utility Manager icon.
    Utility Manager icon
  7. At the command prompt that (I hope) opened, reset the domain admin password with this command:

    Reset domain admin password
  8. You can now close the command prompt and log on with the new password. However, mainly for security reasons, I highly recommend restoring the original utilman.exe. For this, you have to again boot Windows Server setup, follow steps 1-2, and then enter:

    (Replace the drive letter if Windows isn’t installed on d:)
    Restore utilman.exe
  9. After you have removed the boot media, you can reboot the server again with

    Password reset complete

Obviously, this procedure can be used by anyone who has physical access to your servers. In my next post I will give you a few tips on how you can prevent the Utilman.exe password reset trick.
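To confirm that a domain controller has not been left in the state after step 4 (or put there by someone else with physical access), the following PowerShell check compares utilman.exe with cmd.exe. It is an added example, not part of the original article; the function name Test-UtilmanReplaced and its WindowsDir parameter are hypothetical, and it assumes PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example (not from the article): flag a Utility Manager binary that is
# really a copy of the command prompt, i.e. a server that was never restored (step 8).
function Test-UtilmanReplaced {
    param(
        # Assumption: defaults to the running system; pass e.g. 'D:\Windows'
        # to inspect a volume that is mounted from other boot media.
        [string]$WindowsDir = $env:SystemRoot
    )
    $sys32    = Join-Path $WindowsDir 'System32'
    $utilman  = Join-Path $sys32 'utilman.exe'
    $cmd      = Join-Path $sys32 'cmd.exe'
    $findings = New-Object 'System.Collections.Generic.List[string]'

    if (-not (Test-Path -LiteralPath $utilman -PathType Leaf)) {
        # The original was moved away and nothing was put back in its place.
        $findings.Add("utilman.exe is missing from $sys32")
    }
    elseif (Test-Path -LiteralPath $cmd -PathType Leaf) {
        # Byte-for-byte identity with cmd.exe is the direct result of the copy in step 4.
        $hashUtilman = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $hashCmd     = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($hashUtilman -eq $hashCmd) {
            $findings.Add("utilman.exe has the same SHA256 as cmd.exe ($hashUtilman)")
        }
    }

    # Heuristic: any other utilman* file directly in System32 is likely a
    # leftover backup of the original binary and deserves a closer look.
    Get-ChildItem -LiteralPath $sys32 -Filter 'utilman*' -File |
        Where-Object { $_.Name -ne 'utilman.exe' } |
        ForEach-Object {
            $findings.Add("extra copy next to utilman.exe: $($_.Name), modified $($_.LastWriteTime)")
        }

    # One string per finding; no output means nothing suspicious was found.
    $findings
}

$result = @(Test-UtilmanReplaced)
if ($result.Count -gt 0) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'utilman.exe differs from cmd.exe and no leftover copies were found.'
}
```

Running it from a scheduled task on each domain controller and alerting on any warning turns the restore in step 8 into something you can verify rather than remember.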

83 Comments
  1. Paolo 2 years ago

    Works fine.

    w2012 r2 boot cd on w2008 r2 DC

    Thanks

    1+

  2. sameh 2 years ago

    Hi,

    I tried to locate the Windows drive, I couldn't find it, I tried D: E: F: G: .... with the same msg "the system cannot find the drive specified". For information, the Windows is working from the hard disk fine, so the hard disk is connected and has no problem. The only drive that I can see is C: through CMD, but it's the external hard disk connected via USB port and it does not include the Windows files!!!

    can you help me  🙁

     

    1+

    • Author
      Michael Pietroforte 2 years ago

      Maybe the system drive is encrypted? In that case, you can't do anything and reinstall.

      1+

  3. N. Schultz 2 years ago

    It worked on my 2012 R2 Essentials domain in my home lab running on ESXi 6.5 fully patched.
    Thank you for sharing this extremely useful information!

    1+

  4. Chidi Iwuoha 2 years ago

    Hi Michael, I think the only thing missing is that you forgot to mention entering "diskpart" first by typing diskpart at the prompt and pressing Enter.
    Thereafter, they should type "list vol" and press Enter to see the drive letters for each of the drives available.
    Make a note of the drive letter assigned by the WinRE environment - it may not be C: or D:
    Type "exit" and press Enter - The command prompt will return to the X:\Sources> prompt and you can continue with the steps...

    2+

  5. Andy 2 years ago

    Thanks for the detailed procedure.

    What are the security implications of not "re-copying" the original utilman.exe? Can you elaborate on that?

    Cheers,

    Andy

    1+

    • Author
      Michael Pietroforte 2 years ago

      Well, isn't that obvious? If you don't restore utilman.exe, anyone who has physical access to the computer can reset passwords without even having to boot from external media.

      3+

  6. Tony 2 years ago

    Need help. The method appears successful, but I'm still getting the wrong username or password (I use this method after being locked out of my server via intrusion). Win Serv. 2012R2

    1+

  7. Suri 2 years ago

    Excellent .. Worked for me. Thnx
    I just replaced the drive letter from D: to E: as it is Win2k12 OS

    1+

  8. invalidNick 2 years ago

    My problem is that when I run the diskpart command it doesn't find any volumes. Any tips on this?

    1+

    • Author
      Michael Pietroforte 2 years ago

      Can you see the disks with the list disk command after you launched diskpart? Maybe your volumes are encrypted?

      1+

  9. Piotr 2 years ago

    Hi,

    It works on Windows 2016SRV standard. Very good :-).
    Sometimes (I like this) I change the domain admin name by "Local Security Policy". "AD User manager" lists the old one (original name - administrator). You may see the correct name of the administrator:
    1. In cmd window type: secpol.msc
    2. Go to: Local Policies->Security Options-> Accounts: Rename administrator account.

    Now you try to login with this username 🙂

    Sorry, my english is from school 😛

    1+

  10. Faheem 2 years ago

    Sir, I tried to input both c and d one by one, but in the command prompt it says
    The system can not find the path specified.

    2+

  11. Faheem 2 years ago

    Thanks

    I changed letter from d to D and it worked.

    2+

  12. Chris C 2 years ago

    I did the copy but when I lreaa to ease of access I get a cmd account command window with

    Cmd Accounts

    ==========

    [1] Log in

    [2] Exit

    So I still can't do the procedure. Anyone encounter this and know a solution to it?

     

    1+

    • Author
      Michael Pietroforte 2 years ago

      Strange. What happens if you press CTRL+C? Maybe cmd.exe was already replaced on that computer? Maybe you can get it from another machine?

      1+

  13. Brian 1 year ago

    Thank you! I've used this trick on Win 10 for local passwords, but never dreamed about a domain admin password. Now to troubleshoot the issue of my domain admin password being incorrect.

    1+

  14. Brian 1 year ago

    To clarify, troubleshoot why my domain admin password became incorrect in the first place.

    1+

  15. Shay Mor 1 year ago

    Thanks you saved me!

    1+

  16. Tony 1 year ago

    How do I accomplish this procedure on a virtual 2012 R2 domain controller running VSphere?

    When I access the command prompt, I don't have access to the C drive and I get a "Drive does not exist message."

    1+

  17. Tony 1 year ago

    How do I use this procedure on a virtual 2012 R2 domain controller (client) running on a VSphere ESXi (Host)?

    When I get to the step to select the C: drive I get a message that the "drive not available".

    The only visible drives are the X:- the virtual boot drive, and D - which is the CD Drive.

    1+

  18. Chidi Iwuoha 1 year ago

    Hi Tony,

    I suspect C is not the drive volume letter.

    Type the following command and press Enter first:

    • diskpart

    Then type the following command to list the volume and press Enter to list the drives letter:

    • list volume

    Regards,

    Chidi

    1+

  19. alex 1 year ago

    What about when you have RAID? I'm not able to see my RAID partition, although I see the RAID logical volume with diskpart. Tried to load drivers, but unable to see Windows partition.

    Need some help.

    1+

  20. Althaf 1 year ago

    Thank you so much brother... Worked perfectly... The only issue was that the UEFI USB drive failed due to being formatted with a GPT partition.

    1+

  21. Quickdraw 11 months ago

    Awesome, works fine for Windows Server 2016 thanks !

    0

  22. Mark 6 months ago

    Michael,

    I "inherited" a server with server 2012 R2 installed. Unfortunately, the person that previously maintained the server passed away and I have no idea what the password is on the local admin account. This server is not on the domain.

    I have attempted your suggestions several times with no luck. The only drive that I can find from X:\Sources is the DVD or USB that I booted from. I have read that it could possibly be configured as a RAID partition. Any help you can provide is much appreciated.  Thanks.

    Mark

     

    0

    • Author
      Michael Pietroforte 6 months ago

      I didn't try the procedure on a RAID system. It is also possible that the drive is encrypted. Sounds like you are going to reinstall.

      0

    • Leos Marek 6 months ago

      Sounds like the RAID driver is not loaded during the boot, which is quite normal. You may want to try a procedure like this - instead of pressing SHIFT+F10 right at the CD boot, go for normal installation, select the Custom option and at the drive selection screen select Load driver. Now you could browse the USB stick with your RAID controller driver. Once you do that, the setup should see your drive. At this point press SHIFT+F10 and see if the command prompt sees the drive with the Windows installation. I have never tried this, but I would assume once the setup loads the driver, you should be able to see it.

      As an alternative, if you really have some important information on the server which you can't extract any other way, it could be worth a try to get another HDD, put it in the server and install clean Windows there. Once you do that, you could install the RAID driver to see your other installation and replace the utilman.exe file. Remove the temp drive and boot again from your RAID.

      Let me know if any of that works for you:)

       

      1+

      • Mark 5 months ago

        Leos,

        I was able to get to the custom menu and load the driver for the RAID controller. However, I was not able to see any drives in the setup menu. Unfortunately, I do not have any spare drives to attempt your second idea. Please let me know if you think of any other ideas to reset the local admin password. I would like to add that I am limited on things to try since this server hosts some files that we would likely be unable to replace if something happened to the OS. Thanks for your help.

        Mark

        0

        • Leos Marek 5 months ago

          Hi Mark,

          could you open a topic in IT administration forum please? It will be better to exchange communication there.

          Could you send some screens from the setup? It's strange that if you load the RAID driver the setup still does not show any drives. Did you refresh?

          Thx

          1+


© 4sysops 2006 - 2019
