How to reset Active Directory Passwords

All Windows Server

Offline Windows Password & Registry Editor supports all Windows from NT 3.5 to Win7, also 64 bit and also the Server versions (like 2003 and 2008).

With the official Windows DVD

Enjoy http://www.youtube.com/watch?v=Ar-VoO9ogHc

RADPass

RADPass is an offline Active Directory password remover. How to use:

- Reboot a domain controller in Directory Restore mode.
- Backup NTDS.DIT.
- Run RADPass.
- Delete all LOG, EDB and CHK files from the %SYSTEMROOT%\NTDS folder.
If you used the %SYSTEMROOT%\NTDS folder as your temporary folder then the tool cleaned up all these files for you.
- Perform an authoritative restore of the AD database if you have multiple domain controllers.
This will replicate the change to the other controllers.
- Reboot the server. You should be able to login without a password for the target username.

SHEdit

SHEdit is an offline editor for the SID History Active Directory attribute. This tool goes around the limitation built into the DsAddSidHistory API allowing an administrator in any domain to access any other domains in the forest as any user. How to use :

- Get the SID for a user in the target domain.
- Reboot a domain controller in Directory Restore mode.
- Backup NTDS.DIT (optional but recommended).
- Run SHEdit.
- Delete all LOG, EDB and CHK files from the %SYSTEMROOT%\NTDS folder.
If you used the %SYSTEMROOT%\NTDS folder as your temporary folder then the tool cleaned up all these files for you.
- Perform an authoritative restore of the AD database if you have multiple domain controllers.
This will replicate the change to the other controllers.
- Reboot the server. You should have the desired access on the target domain.
- Use the ClearSIDHistory.vbs script to delete the SID History attribute.

RevDump

RevDump is a tool to dump password stored using reversible encryption, which applies to Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2.

ESE db viewer

ESEdbViewer / Extensible Storage Engine (ESE) is one of the least known and yet most widely distributed database engines (on Windows). ESE is also known as JET Blue, is an Indexed Sequential Access Method (ISAM) data storage technology from Microsoft.
ESE is notably a core of Microsoft Exchange Server and Active Directory. Its purpose is to allow applications to store and retrieve data via indexed and sequential access. Windows Mail and Desktop Search on Windows Vista also make use of ESE to store indexes and property information respectively.

Libesedb

Libesedb : Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc.
The libesedb package contains the following tools:
- esedbexport, which exports the items stored in ESE database files.
- esedbinfo, which shows the information about ESE database files.

fgdump / pwdump6

fgdump (doc & usage) or pwdump6 can dump Windows Server 2000 and 2003 Active Directory.

Bulk Password Control

Bulk Password Control allows you to change passwords, enable accounts, disable accounts, modify user attributes, and pretty much any other user control you can imagine.

Links

- http://www.jms1.net/nt-unlock.shtml : reset the Domain Admin Password under Windows NT/2000 Server.
- http://www.nobodix.org/seb/win2003_adminpass.html : reset the Domain Admin Password under Windows 2003 Server.