Danny Moran

How to force reset the Active Directory Domain Administrator password

Published June 25, 2022 by Danny Moran

Table of Contents


This is a step-by-step guide for force resetting the Active Directory Domain Administrator password.

How to force reset the Active Directory Domain Administrator password video

How to force reset the Active Directory Domain Administrator password guide

  1. Mount the Windows Server installation media to your domain controller virtual machine or physcal server.

  2. Restart the server and then boot into the installation media.

  3. On the first page of the Microsoft Server Operating System Setup wizard, select Next.

  4. On the second page, press Repair your computer which is located at the bottom left of the screen.

  5. In the Windows repair wizard, press Troubleshoot, and then Command Prompt

  6. Within the command prompt wizard, run the following command to launch DiskPart.

  7. Within DiskPart, run the following command to list all available volumes connected to the server.

    list volume
  8. Identify which volume your Windows install is on by using the size column.

  9. Run the following command to select that volume. (replace 1 with the volume number of your windows server install)

    select volume 1
  10. Run the following command to assign that volume the driver letter C.

    assign letter=c
  11. Run the list volume command again to check the drive letter was assigned correctly

    list volume
  12. If the Ltr for the volume shows the drive letter C, then you can close DiskPart by running the following command. If not, return to step 9.

  13. After exiting DiskPart, change to the C directory using the following command.

  14. With the C drive, navigate to the System32 folder.

    cd c:\windows\system32
  15. Within the System32 folder, rename the osk.exe file to osk.old. The osk.exe is the file for the On-screen Keyboard.

    ren osk.exe osk.old
  16. Copy the PowerShell.exe file to the System32 folder, and name it osk.exe

    copy c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe osk.exe
  17. After the file has been copied, close the Command Prompt window and press continue, to exit and continue to windows server.

  18. Once the Windows Server has booted, press CTRL+ALT+DEL to unlock the server, and then select the Ease of Access button at the bottom right of the screen, and then launch the On-screen Keyboard. If the previous steps have been completed successfully, a PowerShell window should open.

  19. Use the NET USER command to reset the Domain Administrator password.

    net user Administrator P@55w0rd123!
  20. Login to your domain controller using the Administrator username, and the new password you have just set.

  21. You can now unlock/create other domain administrator passwords.

  22. Finally, navigate to c:\Windows\System32 and delete the file called osk.exe. (If you want to replace the On-screen Keyboard file, you will need to follow steps 2 to 14 and then run the below command)

    ren osk.old osk.exe