A. When you use the Recovery Console (RC), the system uses the account passwords in the local SAM file. But if a system is a domain controller (DC), it doesn't use the local SAM file, so changing the Administrator password changes the Active Directory (AD) account and not the local SAM password. To modify the SAM password, perform the following steps:
- Shut down the DC on which you want to change the password.
- Restart the computer. When the system displays the selection menu during the restart process, press F8 to view advanced startup options.
- Select Directory Service Restore Mode.
- After you successfully log on, to change the local Administrator password, at a command prompt, type the following command:net user administrator *
- Restart the computer.
If you don't know the password, you can demote the DC to a regular server, change the password, then promote the system to a DC. You can also copy the SAM in the %SystemRoot%\Repair folder to the %SystemRoot%\System32\Config folder.