You forgot the domain admin password? This article explains how you can reset the administrator password in a Windows Server 2008 (R2) and Windows Server 2012 (R2) domain.
Latest posts by Michael Pietroforte (see all)

First of all, you should never work with the “Administrator” account. Each admin should have his own account, for two reasons. First, it makes troubleshooting easier if an admin messes up. Second, if one admin forgets his password, another admin can reset it through Active Directory Users and Computers (ADUC). Whenever you reset a password, however, note that the corresponding account will no longer be able to access passwords stored in Internet Explorer or files that have been encrypted with EFS.

If you forgot the domain admin password, and no other administrator exists in this Windows domain, you can use the procedure below to reset the password. Note that the screenshots are for Windows Server 2012 R2 with Update. However, this guide also works for Windows Server 2012 and Windows Server 2008 R2.

With this password reset method, you have to boot from a second Windows installation. You then have to replace utilman.exe (the Utility Manager with ease-of-use functions such as the Narrator and Magnifier) on a domain controller with the command prompt (cmd.exe). Next, you’ll boot up the machine where you forgot the password, click the Utility Manager icon on the logon screen to launch a command prompt, and then reset the password. Here is the step-by-step guide:

Subscribe to 4sysops newsletter!

  1. Boot from a Windows Server 2012 R2 DVD (or ISO file in a virtual environment) and click Next when Windows Setup loads.
    Windows Setup
  2. Press SHIFT + F10 to open a command prompt.
    Open command prompt in Windows Setup
  3. At the command prompt, enter:
    move d:\windows\system32\utilman.exe d:\windows\system32\utilman.exe.bak

    Note: On Windows Server 2008 R2, you will most likely have to replace the drive letter d: with c:. If you are unsure about the drive letter, search for the drive that contains the Windows folder. The driver letter for the instance of Windows PE that started Windows Setup is x:. (Update: As mentioned by Chidi, you can run the diskpart command and then on the displart prompt, you can enter the list vol command to get an overview of the available drives. The system drive should be labeled accordingly.)
    Move utilman.exe

  4. Replace utilman.exe with cmd.exe:
    copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe

    Copy cmd.exe

  5. Remove the boot media from the server and tell Windows PE to reboot:
    wpeutil reboot

    wpeutil reboot

  6. Once your domain controller is running again, click the Utility Manager icon.
    Utility Manager icon
  7. At the command prompt that (I hope) opened, reset the domain admin password with this command:
    net user administrator *

    Reset domain admin password

  8. You can now close the command prompt and log on with the new password. However, mainly for security reasons, I highly recommend restoring the original utilman.exe. For this, you have to again boot Windows Server setup, follow steps 1-2, and then enter:
    move /y d:\windows\system32\utilman.exe.bak d:\windows\system32\utilman.exe

    (Replace the drive letter if Windows isn’t installed on the d:)
    Restore utilman.exe

  9. After you removed the boot media, you can reboot the server again with
    wpeutil reboot

    Password reset complete

Obviously, this procedure can be used by anyone who has physical access to your servers. In my next post I will give you a few tips how you can prevent the Utilman.exe password reset trick.

84 Comments
  1. Andrew Hilborne 7 years ago

    Or you can use NTpassword http://pogostick.net/~pnh/ntpasswd/

  2. Andrew, thanks for the tip. I am currently playing with the tool to see if it still works with Windows 8.1. However, I think you can't use ntpasswd to reset a domain admin password because it only allows your to manipulate the SAM database.

  3. s 7 years ago

    Hi again,
    I tried following this and it said it moved and copied the files but after rebooting and pressing the utility manager icon, it doesn't open command prompt, it just operates as normal.
    This is a windows 8 tablet, so I'm booting off legacy to boot from a Windows 8 install disk and then changing back to UEFI so that I can boot back into windows normally, would that cause any issues?
    Thanks

  4. I didn't try this procedure on a UEFI PC, but I doubt that this is the problem. It is more likely that you copied utilman.exe to the wrong location. Compare the file sizes of utilman.exe and cmd.exe and check if d:\windows\system32\utilman.exe has the size of cmd.exe after rebooting into the Windows installation where you forgot the password.

  5. philip 7 years ago

    Hi, my gf forgot her administrator password so I'm trying to reset it. However I can't see any folders on the hard drive and I can't go to the windows directory. Any ideas what is it that I could be doing wrong?

  6. philip, try a different drive letter.

  7. Carlos Lamb 7 years ago

    Hello Michael,

    This allows us to reset the password for a local user account. Do you have instructions for how to change a domain admin account?

  8. Carlos, it this for a domain account. It didn't work for you?

  9. Rashmiranjan 6 years ago

    It is working fine.Thanks Michael

  10. alina 6 years ago

    i don't know my pasworddd!!!!!!!!!!!

    WHAT IS IT

  11. Try pasworddd!!!!!!!!!!! 😉

  12. abdul ahad 6 years ago

    Hi Micheal,

    i have an issue.. whenever i type this command

    move d:\windows\system32\utilman.exe d:\windows\system32\utilman.exe.bak

    it gives me error.

    THE SYSTEM CANNOT FIND THE PATH SPECIFIED.

    I tried using different disk letters but didnt work.. plz help.

  13. abdul, your Windows installation is probably on another drive. Try the dive letter c: instead of d:

  14. anathi 6 years ago

    Hy ive got an interview IBM thinkpad which i got from my brother, so i decided to delete some unnecessary files. On it then it asked for being rebooted. And so i did, after it askd for an administrator password which even my brother. Didn't. Know so please help dont you atleast have. A hacking password?

  15. sagar 6 years ago

    thanks for your valuable information. i have successfully reset administrator passwords and it is very useful once again thanks.

  16. zeon 6 years ago

    my system32 folder does not have Utilman.exe what other file could be its alternative.

  17. Jan 6 years ago

    Thanks a lot.
    This worked great to recover my test domain administrator password.
    I was geussing longer than it took to change it. 😉

  18. felicia 6 years ago

    Hi. I tried to follow the steps of reset my administrator password. I got to the stage of the cmd. when I type the c: it says the syntax of the command is incorrect then I further try other letter but still giving me the same problem. Can anyone please help me solve this problem

  19. felicia 6 years ago

    When I type move d: \windows\system32\utilman.exe it says " is not recognised as an internal or external command, operable program or batch file. I need some directions please

  20. felica, there should be no blank after d:

  21. felicia 6 years ago

    Hello Michael,
    I did exactly as you advised but I still have the same problem. is there any other possible ways to locate my c or d drive? I tried all means but to no avail

  22. Sriram 6 years ago

    I tried doing this. D:\ is mapped as the CD-drive on this. Our professor has setup virtual machines for all of us and we had to install windows 2012 on them. I think we used a virtual HDD for this. Because bios shows - VMware Virtual SCSI Hard Drive (0:0). Im not able to find system32 on any drive except x:\sources\windows\system32 but when i use that, the cmd doesnt pop up on reboot.

    Please help!

  23. Tony 6 years ago

    Will this method work with Windows 8. Will I loose any files because I locked my father's domail connected laptop.

  24. tony 6 years ago

    sir
    can yo explain what you have done in step 1 and how to get windows server 2012 and how to boot it.

  25. Tony, yes the method works with Windows 8. If you encrypted files with EFS with this , you will be unable to decrypt after resetting the password.

    tony, you can use any Windows boot medium. You can download the Windows 10 ISO and put it on a bootable USB stick. If you are not an IT pro, you better ask for help.

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account