Archived from groups: microsoft.public.win2000.active_directory (More info?)
> Is there a best practice document on how to change the domain
> account password? I'm sure there are many hooks that it has
> in our network,
> and want to be prepared before we do it.
I presume you are talking about the administratr account of a domain
What about the following:
* Have three people generate a very difficult string to remember. put
that on a paper and number each paper 1,2,3. Donâ€™t let the people
exchange the strings
* In AD click the reset the password for the admin account
* Insert the first part of the password, the second part and the third
* Try to login using the separate parts of the password where each
person enters a part of the password. This tests if the
passwordstrings on the paper are correct.
* After the test is successfull put each paper in a sealed envelope
and store the envelopes in a safe place
only use it when really needed.
Give each admin his own admin account to perform delegated tasks