# Steps & Impact on changing admin passwords



## rebootbabe (Oct 7, 2007)

If you have several Windows 2003 servers; DC, BDC, Exchange, SQL, Terminals Services, etc. and you want to change all the admin passwords, is there priority on which one to change first?


----------



## Chevy (Jul 25, 2003)

The first thing to do is determine what services are using the Domain Administrator account, as these will need to be updated as well. Also, some applications use a domain account (and a lot of admins just use the Administrator account), so check for those as well.

The Domain controllers do not have local accounts, so when you change the admin password on the DC it will apply to all BDC machines.

The LOCAL administrator account on member servers should not be used by anything - however, be sure to check all services to be sure.

Once you've ID'd all services using Domain/Administrator and/or LocalMachine/Administrator, change the password for them. Don't Stop or Restart the services, just update the password.

Next, change the LOCAL ADMINISTRATOR on the non-DC servers (right-click on My Computer, select Manage, then go through Local Users and Groups).

Next, on the DC, change the DOMAIN ADMINISTRATOR password.

Reboot the DC, then BDC's, then Member Servers.

Go through the System Event Logs for each server checking for failed services.

As you perform each step - DOCUMENT EVERYTHING. When you are done, you'll have all the info you'll need to write up an admin password change guide/checklist.


----------

