Domain Admin Password Change

[Guest]

Is there a best practice document on how to change the domain administrator
account password? I'm sure there are many hooks that it has in our network,
and want to be prepared before we do it.

 

[Hank Arnold]

Don't know about "best practices", but I would first go through all the
services on your servers and verify which log on using that userid. You will
have to go back to them and change the logon settings for each service
before you reboot or restart the services...

 

[Jorge_de_Almeida_Pinto]

Is there a best practice document on how to change the domain
administrator
account password? I'm sure there are many hooks that it has
in our network,
and want to be prepared before we do it.

I presume you are talking about the administratr account of a domain

What about the following:

* Have three people generate a very difficult string to remember. put
that on a paper and number each paper 1,2,3. Don’t let the people
exchange the strings
* In AD click the reset the password for the admin account
* Insert the first part of the password, the second part and the third
part.
* Try to login using the separate parts of the password where each
person enters a part of the password. This tests if the
passwordstrings on the paper are correct.
* After the test is successfull put each paper in a sealed envelope
and store the envelopes in a safe place

only use it when really needed.

Give each admin his own admin account to perform delegated tasks

Does this sound OK?