First of all, you should never work with the “Administrator” account. Each admin should have his own account, for two reasons. First, it makes troubleshooting easier if an admin messes up. Second, if one admin forgets his password, another admin can reset it through Active Directory Users and Computers (ADUC). Whenever you reset a password, however, note that the corresponding account will no longer be able to access passwords stored in Internet Explorer or files that have been encrypted with EFS.
If you forgot the domain admin password, and no other administrator exists in this Windows domain, you can use the procedure below to reset the password. Note that the screenshots are for Windows Server 2012 R2 with Update. However, this guide also works for Windows Server 2012 and Windows Server 2008 R2.
With this password reset method, you have to boot from a second Windows installation. You then have to replace utilman.exe (the Utility Manager with ease-of-use functions such as the Narrator and Magnifier) on a domain controller with the command prompt (cmd.exe). Next, you’ll boot up the machine where you forgot the password, click the Utility Manager icon on the logon screen to launch a command prompt, and then reset the password. Here is the step-by-step guide:
- Boot from a Windows Server 2012 R2 DVD (or ISO file in a virtual environment) and click Next when Windows Setup loads.
- Press SHIFT + F10 to open a command prompt.
- At the command prompt, enter:
move d:\windows\system32\utilman.exe d:\windows\system32\utilman.exe.bak
Note: On Windows Server 2008 R2, you will most likely have to replace the drive letter d: with c:. If you are unsure about the drive letter, search for the drive that contains the Windows folder. The drive letter for the instance of Windows PE that started Windows Setup is x:. (Update: As mentioned by Chidi, you can run the diskpart command and then, at the diskpart prompt, enter the list vol command to get an overview of the available drives. The system drive should be labeled accordingly.)
- Replace utilman.exe with cmd.exe:
copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe
- Remove the boot media from the server and tell Windows PE to reboot:
- Once your domain controller is running again, click the Utility Manager icon.
- At the command prompt that (I hope) opened, reset the domain admin password with this command:
net user administrator *
- You can now close the command prompt and log on with the new password. However, mainly for security reasons, I highly recommend restoring the original utilman.exe. For this, you have to again boot Windows Server setup, follow steps 1-2, and then enter:
move /y d:\windows\system32\utilman.exe.bak d:\windows\system32\utilman.exe
(Replace the drive letter if Windows isn’t installed on d:.)
- After you removed the boot media, you can reboot the server again with
Obviously, this procedure can be used by anyone who has physical access to your servers. In my next post I will give you a few tips on how you can prevent the Utilman.exe password reset trick.
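A check a defender can run after such a reset to confirm that utilman.exe was restored, as an added example that is not part of the original article. The function name Test-UtilmanSwap is hypothetical, and the script assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt on the server being checked.

```powershell
# Added example (not from the original article): detect a leftover utilman.exe swap.
# Assumes PowerShell 4.0+ (Get-FileHash). Test-UtilmanSwap is a hypothetical name.
function Test-UtilmanSwap {
    param(
        # Windows directory to inspect; override it to check a mounted offline volume.
        [string]$WindowsDir = $env:SystemRoot
    )

    $sys32   = Join-Path $WindowsDir 'System32'
    $utilman = Join-Path $sys32 'utilman.exe'
    $cmd     = Join-Path $sys32 'cmd.exe'
    $backup  = Join-Path $sys32 'utilman.exe.bak'   # name used by the article's move command

    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'utilman.exe is missing'
    } elseif (Test-Path -LiteralPath $cmd) {
        # Byte-identical to the local cmd.exe: the copy step was done and never undone.
        $hashUtil = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $hashCmd  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($hashUtil -eq $hashCmd) {
            $findings += 'utilman.exe has the same SHA-256 hash as cmd.exe'
        }

        # Catches a cmd.exe copied from another build, where the hashes differ
        # but the embedded version resource still identifies the command prompt.
        $nameUtil = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        $nameCmd  = (Get-Item -LiteralPath $cmd).VersionInfo.OriginalFilename
        if ($nameUtil -and ($nameUtil -eq $nameCmd)) {
            $findings += "utilman.exe version resource reports '$nameUtil'"
        }
    }

    if (Test-Path -LiteralPath $backup) {
        $findings += 'utilman.exe.bak exists (original was moved aside and not restored)'
    }

    [pscustomobject]@{
        WindowsDir = $WindowsDir
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

Test-UtilmanSwap | Format-List
```

An empty Findings list means none of the three traces of the procedure above are present in that Windows directory.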
w2012 r2 boot cd on w2008 r2 DC
I tried to locate the Windows drive, but I couldn’t find it. I tried D: E: F: G: …. with the same message, “the system cannot find the drive specified”. For information, Windows is working from the hard disk fine, so the hard disk is connected and has no problem. The only drive that I can see through CMD is C:, but it’s the external hard disk connected via the USB port and it does not include the Windows files!
Can you help me? 🙁
Maybe the system drive is encrypted? In that case, you can’t do anything and reinstall.
It worked on my 2012 R2 Essentials domain in my home lab running on ESXi 6.5 fully patched.
Thank you for sharing this extremely useful information!
I am glad that it worked for you. 🙂
Hi Michael, I think the only thing missing is that you forgot to mention entering “diskpart” first by typing diskpart on the prompt and pressing Enter.
Thereafter, they should type “list vol” and press Enter to see the drive letters for each of the drives available.
Make a note of the drive letter assigned by the WinRE environment – it may not be C: or D:
Type “exit” and press Enter – The command prompt will return to the X:\Sources> prompt and you can continue with the steps…
Good tip! Thanks! I added a note to the article.
Thanks for the detailed procedure.
What are the security implications of not “re-copying” the original utilman.exe? Can you elaborate on that?
Well, isn’t that obvious? If you don’t restore utilman.exe, anyone who has physical access to the computer can reset passwords without even having to boot from external media.
Need help: the method appears successful, but I am still getting the wrong username or password (I use this method after being locked out of my server via intrusion). Win Serv. 2012R2
Excellent .. Worked for me. Thnx
I just replace the drive letter from D: to E: as it is Win2k12 OS
My problem is that when I run the diskpart command, it doesn’t find any volumes. Any tip on this?
Can you see the disks with the list disk command after you launched diskpart? Maybe your volumes are encrypted?
It works on Windows 2016SRV standard. Very good :-).
Sometimes (I like this) I change the domain admin name with “Local Security Policy”. “AD User manager” lists the old name (original name – administrator). You may see the correct name of the administrator:
1. In cmd window type: secpol.msc
2. Go to: Local Policies->Security Options-> Accounts: Rename administrator account.
Now you try to login with this username 🙂
Sorry, my english is from school 😛
Sir, I tried to input both c and d one by one, but in the command prompt it says
The system can not find the path specified.
I changed letter from d to D and it worked.
I did the copy but when i lreaa to ease of access i get a cmd account command window with
 Log in
So I still can’t do the procedure. Did anyone encounter this and know a solution to it?
Strange. What happens if you press CTRL+C? Maybe cmd.exe was already replaced on that computer? Maybe you can get it from another machine?
Thank you! I’ve used this trick on Win 10 for local passwords, but never dreamed about a domain admin password. Now to troubleshoot the issue of my domain admin password being incorrect.
To clarify, troubleshoot why my domain admin password became incorrect in the first place.
Thanks you saved me!
How do I accomplish this procedure on a virtual 2012 R2 domain controller running VSphere?
When I access the command prompt, I don’t have access to the C drive and I get a “Drive does not exist message.”
How do I use this procedure on a virtual 2012 R2 domain controller (client) running on a VSphere ESXi (Host)?
When I get to the step to select the C: drive I get a message that the “drive not available”.
The only visible drives are the X:- the virtual boot drive, and D – which is the CD Drive.
I suspect C is not the drive volume letter.
Type the following command and press Enter first:
Then type the following command to list the volume and press Enter to list the drives letter:
What about when you have RAID? I’m not able to see my RAID partition, although I see the RAID logical volume with diskpart. Tried to load drivers, but unable to see the Windows partition.
Need some help.
Thank you so much brother… Worked perfectly… the only issue was that the UEFI USB drive failed because it was formatted with a GPT partition.
Awesome, works fine for Windows Server 2016 thanks !
I “inherited” a server with server 2012 R2 installed. Unfortunately, the person that previously maintained the server passed away and I have no idea what the password is on the local admin account. This server is not on the domain.
I have attempted your suggestions several times with no luck. The only drive that I can find from X:\Sources is the DVD or USB that I booted from. I have read that it could possibly be configured as a RAID partition. Any help you can provide is much appreciated. Thanks.
I didn’t try the procedure on a RAID system. It is also possible that the drive is encrypted. Sounds like you are going to reinstall.
Sounds like the RAID driver is not loaded during the boot, which is quite normal. You may want to try a procedure like this: instead of pressing SHIFT+F10 right at the CD boot, go for the normal installation, select the Custom option and at the drive selection screen select Load driver. Now you could browse the USB stick with your RAID controller driver. Once you do that, the setup should see your drive. At this point press SHIFT+F10 and see if the command prompt sees the drive with the Windows installation. I have never tried this, but I would assume once the setup loads the driver, you should be able to see it.
As an alternative, if you really have some important information on the server which you can’t extract any other way, it could be worth a try to get another HDD, put it in the server and install a clean Windows there. Once you do that, you could install the RAID driver to see your other installation and replace the utilman.exe file. Remove the temp drive and boot again from your RAID.
Let me know if any of that works for you:)
I was able to get to the custom menu and load the driver for the RAID controller. However, I was not able to see any drives in the setup menu. Unfortunately, I do not have any spare drives to attempt your second idea. Please let me know if you think of any other ideas to reset the local admin password. I would like to add that I am limited on things to try since this server hosts some files that we would likely be unable to replace if something happened to the OS. Thanks for your help.
Could you open a topic in the IT administration forum please? It will be better to exchange communication there.
Could you send some screens from the setup? It’s strange that if you load the RAID driver the setup still does not show any drives. Did you refresh?
Thanks works perfectly.
What a hack! Man you are a genius!
Works beautifully with Windows 2022 Domain Controller server.