# Change Domain admin password



## Berwill (Sep 15, 2010)

I would like to change my Domain admin password; it was set up long before I took over this position and is a pretty simple password. My concern is everything that uses that login, services etc., not working afterwards.
Being the same password for all my servers, I don't want to change it and then suddenly be locked out of something or have things suddenly stop working. So I need to change it but am concerned about this happening.
Here is what I have:
2 Server 2003 file servers
1 server 2000 file server
1 server 2003 mail server ( IBM Domino )
All on a Domain
Active Directory
Multiple folders, printers shared.

Any advice would be great.
Thanks,
Will


----------



## Maz_- (Nov 4, 2008)

It won't lock anything out; it might just ask to reauthenticate the password for the account, that's all. Oh, it will lock out anyone who tries to get in with the old password. We change our admin passwords on a regular basis as a security measure.


----------



## Berwill (Sep 15, 2010)

What if it is a service that requires the Domain admin login, how will it reauthenticate?
Yea that is what I would like to do, change it because it has probably never been changed. I am the only I.T. person so I am just a little nervous about changing it and then something that was using it not working. And I just don't have the time or any help if something like that happened to run down the problem.
If there were a problem would putting it back to the old password fix it?
Will


----------



## Maz_- (Nov 4, 2008)

Well, a service wouldn't automatically use the domain username and password. It would require the user to log in using the credentials (that's my understanding). So if you did change the password it shouldn't knock any of the network services down, but it will only ask the user logged in with the domain account to re-authenticate themselves with the new password for security reasons.

Once you change the password to a new one it will ask for reauthentication, but if you change it back to the old one again, it will still ask for the password to reauthorise. Hope this helps.


----------



## joeny0706 (Feb 3, 2010)

Berwill said:


> I would like to change my Domain admin password; it was set up long before I took over this position and is a pretty simple password. My concern is everything that uses that login, services etc., not working afterwards.
> Being the same password for all my servers, I don't want to change it and then suddenly be locked out of something or have things suddenly stop working. So I need to change it but am concerned about this happening.
> Here is what I have:
> 2 Server 2003 file servers
> ...


If they are all in the same domain you will have no problem. Each time you log in from somewhere it connects with AD to check and make sure it is a valid PW. So look in either the PC Computer listing in AD or your DNS management app. If the server or PC is listed in there you will have no problem.

One thing that could be a problem is the printers. "We could not know because we don't know how your system is set up".
If the printer is set up in Explorer to access the printer settings, that could have been set when the printer was installed. So that could just stay the same. If it does not work just use the old PW and it will be fine. When I installed new printers and accessed the printer app from an Explorer window I was asked to set the PW at that time. I did make it the same as my Domain admin PW but I could have made it anything I wanted, so it could be diff.

Basically anywhere you have an option to change the PW will stay the same. But on all the servers and PCs listed in AD will change along with everything else. If the app or PC "only if you login locally" has an option somewhere within to change the PW you would need to do it that way for that APP or local PC.


----------



## LMiller7 (Jun 21, 2010)

One of the advantages of a domain is that it centralizes security. You only need to change your password in one place and the change will be in effect everywhere. Your access to domain resources is based on your account. The password is only used to verify that a user logging on is who he claims to be.

I see only two problems with changing a password:

1. Services that use your account. Since most services use a system account there should be few instances of this.
2. Scheduled tasks. You would need to update your password for these.

In any event changing your password is a necessary security precaution. The consequences of your login name and password falling into the wrong hands can be dire.


----------



## Berwill (Sep 15, 2010)

Joeny0706
When you say the PC computer listing in AD are you referring to the computer folder under the root?
Like I have berwin.com
Domain Controllers beneath it that contain my 2 DCs
Bercomputers folder - Miramar folder has my other 3 servers

I am not sure what you mean by "is the printer set up in Explorer". All printers are installed on the File/Print server, and to install a printer on a desktop I just UNC to the server and double click the printer to install it.

LMiller7
Services was one of my concerns, how can I verify none would be affected?
Same with Scheduled tasks, how can I verify that?
Yes, and since I don't believe it has ever been changed, that is why I want to.

I thought I should be a little more specific on my network:
2 Server 2003 file servers ( Both are AD, file, and print servers ) 1 per physical location
1 server 2000 file server
1 server 2003 mail server ( IBM Domino )
All on a Domain
Active Directory
Multiple folders, printers shared.

Thanks for everyone's help. It doesn't sound like I will have a problem, I just want to be as sure as possible before taking the plunge...


----------



## Wand3r3r (Sep 17, 2010)

> how can I verify none would be affected?

You would review each service under Services for what logon account it is using. Same procedure for scheduled tasks.

Note: you should not be using the Administrator account. One of the security recommendations is to take away rights from the Administrator account to leave it as bait if you are hacked. You should have other administrator-equal accounts in case an admin account gets corrupted.


----------
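The review of service and scheduled-task logon accounts described above can be run against every server from one place. This is an added example, not part of any poster's reply; it assumes Windows PowerShell 3.0 or later on an admin workstation with WMI/RPC reachability to the servers, English-language `schtasks` column names, and placeholder server names.

```powershell
# Added example: list services and scheduled tasks that run under a named
# account (not a built-in identity), so they can be updated after the change.
# Server names are placeholders (assumption); replace with your own.
$servers = 'FILESRV1', 'FILESRV2', 'FILESRV3', 'MAILSRV1'

# Built-in identities have no password to maintain, so they are skipped.
$builtin = '^(LocalSystem|SYSTEM|N/A|(LOCAL|NETWORK) SERVICE|NT AUTHORITY\\.+)$'

$report = foreach ($server in $servers) {
    # Services: Win32_Service.StartName is the "Log on as" account.
    try {
        Get-WmiObject -Class Win32_Service -ComputerName $server -ErrorAction Stop |
            Where-Object { $_.StartName -and $_.StartName -notmatch $builtin } |
            ForEach-Object {
                [pscustomobject]@{
                    Server = $server
                    Kind   = 'Service'
                    Name   = $_.Name
                    RunAs  = $_.StartName
                    Detail = "$($_.StartMode) / $($_.State)"
                }
            }
    } catch {
        Write-Warning "Services on ${server}: $($_.Exception.Message)"
    }

    # Scheduled tasks: verbose CSV output carries a 'Run As User' column.
    $csv = schtasks.exe /query /s $server /fo csv /v 2>$null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Tasks on ${server}: schtasks query failed"
        continue
    }
    $csv | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and   # repeated header rows
                       $_.'Run As User' -and
                       $_.'Run As User' -notmatch $builtin } |
        ForEach-Object {
            [pscustomobject]@{
                Server = $server
                Kind   = 'Task'
                Name   = $_.TaskName
                RunAs  = $_.'Run As User'
                Detail = $_.'Task To Run'
            }
        }
}

# Every row is something that stores a password for the account in RunAs.
$report | Sort-Object Server, Kind, Name | Format-Table -AutoSize
```

Each row whose RunAs is the account being changed needs the new password entered on that service's Log On tab or in that task's properties after the change.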



## Berwill (Sep 15, 2010)

Wand3r3r,
I see what you're saying. Go to Services, open one, go to the Log On tab.
Mine say Log on as:
Local system account

Or:
This account - NT Authority\Localservice ( And a password )
NT Authority\Networkservice
.\Administrator
berwin(Domain name)\Administrator

Scheduled tasks you are referring to:
Programs - Accessories - System Tools?
There is nothing in mine.

You're right, I do need to use a different one.
Thanks,
Will


----------

