I have a Windows 2008 server foundation running as a PDC. I would like to create the "traditional" reset password disk just in case I forget it. I looked a lot and all links mention such an option under the desired user in Control Panel (like [https://serverfault.com/questions/469798/creating-a-password-reset-disk-on-windows-server-2008-r2-using-an-external-hard]). Such an option, however, does not show on my panel even when logged in as Administrator. My guess is that it's due to being a PDC.

Is there another way to create such a disk or any other way to protect the password in case it is forgotten?

alvaroc

1 Answer

Different mechanism since this is an AD account vs a local account. Think about documentation and process so there is never a password recovery event.

  1. Create at least two, possibly more, Admin level accounts.
    Document the account and password, in multiple locations.
    Document where and how to access this info so someone else can retrieve it if you are unable. (The documentation location of last recourse should assume that the resource being documented is not available.)
    Create a process to update this info when the passwords change.
    Test the process, can a 3rd party retrieve the info?
    Follow the process.

  2. Set and document the Directory Services Restore Mode password. This is a good overview of options: "DS Restore Mode Password Maintenance | Ask the Directory Services Team".

  3. While unsupported by Microsoft, there are 3rd party tools that can reset an AD account. If you want an option other than solid processes and documentation, then try one of the tools on a test account, before it's needed.

Ed Fries
  • Ed, although I can't understand why it is not possible to restore an AD password (it should be something deeply hidden in Windows or LDAP itself), your suggestions are more than excellent. Kudos! – alvaroc Mar 23 '15 at 01:24