My friend forgot all Administrator password (BUILTIN\Administrator, Domain Administrator, Recovery Mode Password) for his w2ks SBS based domain. I've found article about resetting domain admin password.
I want to know: are there any implications on reset AD Administrator password? I know, that resseting user password result in loss of key to decrypt EFS encrypted data. Are any other consequences or implications?
I was thinking about backup procedure:
- Shutdown all domain controllers (1 - its SBS domain :)
- Take bit by bit image copy of DC disks (if something goes wrong), restore by copy image back to disk.
- Reset password
Do you recomend any other steps?
To know what the implications of changing a password are you first need to know exactly where the password is used. At the very least you need to check all services and scheduled tasks, as some of those may be running under one of the accounts you will be changing.
There's only 1 Administrator password because there's only 1 Administrator account. Knowing the Recovery Mode password wouldn't help as you still wouldn't know the Administrator password after performing an authoritative restore.