Reset Domain Admin Password under Windows 2003 Server

Posted on

Requirements (These are compulsory!)

1.        Local access to the Domain Controller (DC).

2.        The Local Administrator password.

3.        Two tools provided by Microsoft in their Resource Kit: SRVANY and INSTSRV. Download them from

The Local Administrator account is also called Directory Restore Administrator or Machine Account. The password is set at Windows installation. It is possible to reset this password using some (free) recovery tools.

Step 1 

Restart Windows 2003 in Directory Restory Service Mode.

Note: At startup, press F8 and choose Directory Restore Service Mode. It disables Active Directory.

When the login screen appears, log on as Local Administrator. You now have full access to the computer resources, but you cannot make any changes to Active Directory.

 Step 2 

You are now going to install SRVANY. This utility can virtually run any programs as an NT Service. The interesting point is that the program will have SYSTEM privileges (as it inherits SRVANY security descriptor), i.e. it will have full access on the system. That is more than enough to reset a Domain Admin password. You will configure SRVANY to start the command prompt (which will run the ‘net user’ command).

Copy SRVANY and INSTSRV to a temporary folder, mine is called d:\temp. Copy cmd.exe to this folder too (cmd.exe is the command prompt, usually located at %WINDIR%\System32).

Start a command prompt, point to d:\temp (or whatever you call it), and type:

instsrv PassRecovery “d:\temp\srvany.exe”

It is now time to configure SRVANY.

Start regedit, and open the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery.

Create a new subkey called Parameters and add two new values:

name: Application
type: REG_SZ (string)
value: d:\temp\cmd.exe  
name: AppParameters
type: REG_SZ (string)

value: /k net user administrator new_password

‘net user username password’ is the command line utility to set a new password.

Replace new_password with the password you want. Keep in my mind that some domain policies require complex passwords (including digits, respecting a minimal length etc.)

Now open the Services applet (Control Panel\Administrative Tools\Services) and open the PassRecovery property tab. Check the starting mode is set to Automatic.

Show the Log On tab and enable the option Allow service to interact with desktop.

From now on, anytime you restart Windows, SRVANY will run the netuser command and reset the domain admin password.

Step 3 

Restart Windows in normal mode and wait for the login screen. You will not see the command prompt running the net user command as it is displayed on another desktop. But no worries, the command is still executed in the background.

Log on as Administrator on your domain by using the password you set above. The system should grant you access. If not, go back to Step 2 and check you did not mistype any commands or values.

When the desktop is displayed, you should see a command prompt. This is the one started by SRVANY.

Use this command prompt to uninstall SRVANY (do not forget to do it!) by typing:


net stop PassRecovery (, then:)

sc delete PassRecovery

Now delete d:\temp and change the admin password if you fancy.


9 thoughts on “Reset Domain Admin Password under Windows 2003 Server

    Gareth said:
    January 8, 2009 at 9:37 am

    failed. what version of windows server are you using? does it work on windows 2003 standard

    Harender Kumar said:
    June 27, 2009 at 7:59 am

    It is not working on Windows server 2003 Standard Edition. Anyone Has any IDEA?????

    Brahim said:
    May 2, 2010 at 12:52 pm

    it’s working on 2003 server but for local account not for active directory account

    Arnold said:
    August 4, 2010 at 4:16 pm

    Does this work on SBS 2003 Standard?

    roohollah jafari said:
    September 15, 2010 at 12:16 am

    Well Does not work in Windows 2003 Standard , tried it multiple times , no luck

    gad said:
    June 27, 2011 at 3:18 am

    hi guys
    i have windows 2003 domain server i lost the admin password and i dont have local admin password also
    any body can help me about this please its really very important
    thanks alot

    Bruno Tafarelo said:
    July 30, 2011 at 9:32 pm

    Boot with Linux Live CD

    type the commands below:

    mkdir /tmp/wdir
    ntfs-3g /dev/sda1 /tmp/wdir -o force
    cd /tmp/wdir/WINDOWS/system32

    mv sethc.exe sethc.exe.old
    cp cmd.exe sethc.exe

    In the login screen press 5 times the left shift key. The Command Prompt has displayed. Then type:

    net user administrator new_password


    Anonymous said:
    August 3, 2011 at 1:43 am

    excellent …. congrats dear

    how to breed in dragonvale said:
    June 8, 2013 at 12:35 am

    Awesome things here. I’m very glad to peer your article. Thanks so much and I’m taking a look
    forward to contact you. Will you kindly drop me a mail?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s