Change domain admin password

**chrbb** · 20th March 2009, 08:34 PM

What are the implications for changing the domain admin account password?

**sahmeepee** · 20th March 2009, 08:44 PM

As with any account, you may have used it for running bits and pieces on your network, e.g. windows services, scheduled tasks, that sort of thing.

**PiqueABoo** · 20th March 2009, 09:14 PM

Exactly, except doing that in the first place is very bad practice.

**chrbb** · 20th March 2009, 09:26 PM

I'm being dim now, but I don't know I didn't set the server up

. How would I find out? All I know is sophos uses it (yes I know bad practice - but I didn't set it up)

**leco** · 20th March 2009, 09:29 PM

Originally Posted by chrbb

I'm being dim now, but I don't know I didn't set the server up

. How would I find out? All I know is sophos uses it (yes I know bad practice - but I didn't set it up)

I was going to say your AV but I see you have already sussed that one. When I changed the admin passowrd I just had to keep looking at the event logs to see which bits had stopped working

**SYNACK** · 21st March 2009, 12:07 AM

The best places to check for this are in the services snapin under the 'Login As' collom and the task scheduler in control pannel on the server. These are the most likely places for stuff like this to be hiding and you would need to re-enter the new password into each of these to keep them going or move them to a different account. Moving them can be tricky though depending on the software as some is hardcoded to allow only the installer user.

**DSapseid** · 23rd March 2009, 10:48 AM

Also dont forget any backup software that uses it! I changed my password on the domain admin account and forgot about this until i wondered why my backup was finishing inside 1 hour

- because it couldnt connect to the other 7 servers!!!

**gshaw** · 23rd March 2009, 05:34 PM

Backup Exec is a right pain for this with all the logon accounts it keeps asking for

Also worth checking SQL Server as well if you have it as I've found a few bits running as domain admin on there that shouldn't be

**witch** · 23rd March 2009, 06:40 PM

I have to say that I have recently been looking at the same issue and decided not to change it because I really don't know what the impact will be and I am very worried that I will forget something or something will stop and I won't know until it is too late.

**deanc** · 23rd March 2009, 07:23 PM

we did this a while ago, my reccomendations would be:

1) change the admin password
2) restart servers, then check the event log to see which services have failed.
3) reconfigure the services, ideally creating a new admin account for that service (if you really want you could deny them the right to log in interactively)
4) check that all is ok by manually starting the failed service.

if everything works ok then your fine, worst case scenario and things go wrong change the password back

LinkBack

Thread Tools

Search Thread

Change domain admin password

Similar Threads

Sophos and the Admin Password

AutoIT password change script not picking up password

Admin Password

reset admin password

XP Pro Admin Password

Thread Information

Users Browsing this Thread

Posting Permissions