Domain Admin Password Change

[Phil]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Is there a best practice document on how to change the domain administrator
account password? I'm sure there are many hooks that it has in our network,
and want to be prepared before we do it.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> Is there a best practice document on how to change the domain
> administrator
> account password? I'm sure there are many hooks that it has
> in our network,
> and want to be prepared before we do it.

I presume you are talking about the administratr account of a domain

What about the following:

* Have three people generate a very difficult string to remember. put
that on a paper and number each paper 1,2,3. Don’t let the people
exchange the strings
* In AD click the reset the password for the admin account
* Insert the first part of the password, the second part and the third
part.
* Try to login using the separate parts of the password where each
person enters a part of the password. This tests if the
passwordstrings on the paper are correct.
* After the test is successfull put each paper in a sealed envelope
and store the envelopes in a safe place

only use it when really needed.

Give each admin his own admin account to perform delegated tasks

Does this sound OK?

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-Domain-Admin-Password-Change-ftopict401001.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1327195