The very first thing I do after installing Active Directory (AD) on Windows Server is to change the password of my AD Administrator. I do this because I use Amazon Web Services (AWS) EC2 as my servers and AWS automatically generates the password for my Windows Server.
The AD Administrator is a very powerful user for Active Directory as you can restrict or open capabilities to other users and computer, install/uninstall programs and can even shut down any member computer using the Admin user. That is why you should really keep your AD Administrator User password in a safe place.
Whatever the reason you have for wanting to change the password of your AD Administrator below is a step-by-step tutorial on how to change it.
Login to your Windows Server.
Click on the Window Icon on the bottom-left and click on Server Manager.
Click on Tools then Active Directory Users and Computers.
Click on the ‘>‘ sign beside your domain on the left sidebar. This will expand the tree.
My domain for this example is ad.radishlogic.com. Yours would be different.
Click on Users. And the list of Users and Groups will show up.
On the top of the list is the name Administrator, right-click on it and click Reset Password… from the list.
Type your desired password on the text boxes.
Optionally, uncheck the User must change password at next logon if you do not want you to make a password again for the Administrator account on your next login. This is usually the case for the Administrator account.
Note: The Unlock the user’s account is for users that has been locked out of their account due to reasons like they have entered the wrong password too many times or other reasons.
Click OK.
Then a windows will pop-up to tell you that you have changed the Administrator password. Click OK.
You have now succesfully changed your Active Directory Administrator password.
You should never reset AD users’ password. Instead, you should change the password. Otherwise you may loose access to encrypted docs.