recover domain user password without the domain.


Don

Hello, I have a client that has a company laptop, and he has forgotten
his password. Now the laptop was part of an old business with a domain
that no longer exists. What can I do to recover the password? I have
access to the local admin account, but not the domain admin account on
the laptop.

Domain was with an SBS 2003 machine.
 
You cannot recover domain password without a domain controller.

If you have access to the local admin account, you can unjoin computer from
the domain. Then create a local user account and let the owner use this new
local account.
 
Don said:
Hello, I have a client that has a company laptop, and he has forgotten
his password. Now the laptop was part of an old business with a domain
that no longer exists. What can I do to recover the password? I have
access to the local admin account, but not the domain admin account on
the laptop.

Domain was with an SBS 2003 machine.

Offline NT Password & Registry Editor:
http://pogostick.net/~pnh/ntpasswd/main.html
 
Dusko said:
You cannot recover domain password without a domain controller.

If you have access to the local admin account, you can unjoin computer
from the domain. Then create a local user account and let the owner
use this new local account.

Or the duh answer I didn't even think of until this morning. Go to the
DC, reset the password for his account. Problem solved.
 
Or the duh answer I didn't even think of until this morning. Go to the
DC, reset the password for his account. Problem solved.


Not really a duh answer Susan. The OP says it's a domain that no
longer exists, so he's using cached credentials for an old domain.

I'm not sure there's a solution, since all the standard password
recovery tools work on a local account.
 
Hello, I have a client that has a company laptop, and he has forgotten
his password. Now the laptop was part of an old business with a domain
that no longer exists. What can I do to recover the password? I have
access to the local admin account, but not the domain admin account on
the laptop.

Domain was with an SBS 2003 machine.

Is there any data on that account that is domain-specific?

I am thinking perhaps the Exchange profile is a dealbreaker?

If not, just create a new local profile and copy his old profile data
into the new local profile.
--
Leonid S. Knyshov
Crashproof Solutions
510-282-1008
Twitter: @wiseleo
http://crashproofsolutions.com
Microsoft Small Business Specialist
Please vote "helpful" if I helped you :)
 
Is there any data on that account that is domain-specific?

I am thinking perhaps the Exchange profile is a dealbreaker?

If not, just create a new local profile and copy his old profile data
into the new local profile.

There is the Exchange profile; it is really important. If it has to be
lost, oh well. But I can move his data; however, there are programs tied
to the profile. I created a local profile and most of the programs will
not work.
 
There is the Exchange profile; it is really important. If it has to be
lost, oh well. But I can move his data; however, there are programs tied
to the profile. I created a local profile and most of the programs will
not work.

Yep, that's what I figured.

There are some workarounds we can try, such as changing the registry
location for the local profile to match the domain profile, for example.
Please make a disk image of this laptop before you do anything, as many
changes will be hard to reverse if things go wrong.
--
Leonid S. Knyshov
Crashproof Solutions
510-282-1008
Twitter: @wiseleo
http://crashproofsolutions.com
Microsoft Small Business Specialist
Please vote "helpful" if I helped you :)
 
Jim said:
Not really a duh answer Susan. The OP says it's a domain that no
longer exists, so he's using cached credentials for an old domain.

I'm not sure there's a solution, since all the standard password
recovery tools work on a local account.

Double duh. Geek = didn't fully read.

The domain profile can be copied to the local one. If he has access to
the local one, copy the profile.
 
There is an Exchange profile on a domain account for a domain that doesn't
exist anymore, but the Exchange profile is still important??

....curious...

Without the domain, I'm with Susan. I think you'll have to copy the profile
to a new account and deal with some items that don't move.

-Cliff
 
There is the Exchange profile; it is really important. If it has to be
lost, oh well. But I can move his data; however, there are programs tied
to the profile. I created a local profile and most of the programs will
not work.


Did you make the user a local admin? That might explain why some
programs don't work.
 
Did you make the user a local admin? That might explain why some
programs don't work.

The user is the local admin account. There is another account the user
used when the domain went down at work, but it has not been used for
over a year.
 
This isn't really a Windows security question but more of a hacking
question. Depending on the client, what you need to understand is that the
cached password is stored in the following location

HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10 as a hash.

You will need a tool like cachedump (google it) to retrieve the hashes, then
you can use a tool like "John the Ripper" (again, google it) to crack the hash.

Hopefully this helps.
 
I never really considered that an option since this is (presumably) not a
stolen device. It is a laptop that the owner still possesses and will want
access to. Hacking hashes is a time-intensive project for *weak* passwords,
and nearly impossible if password strength was required as is usual in a
domain (this was joined to SBS03 after all.)

I also tend not to share such methods as, if someone *is* posting under
false pretenses, the last thing I want to do is encourage illegal behavior.
Either way, just not good...

-Cliff
 