Complete a 3 Question Survey and Earn a re:Post Badge

Help improve AWS Support Official channel in re:Post and share your experience - complete a quick three-question survey to earn a re:Post badge!

EC2 Instance in us-west-2 is a domain controller and a excoworker changed the domain admin pass y blocked all usuer when he let the company

Recently an ex coworker changed the domain admin password and blocked all users . We created the instance with the Amazon Microsoft Windows Server 2019 with Desktop Experience Locale English AMI provided by Amazon y we have not been abled to enter again to the environment. Is there any chance to recover the domain admin pass and get into again

Topics

Compute

Tags

Amazon EC2 Windows

Language

English

Ajojoi-Memo

asked 10 months ago328 views

1 Answer

Newest
Most votes
Most comments

Best suggestion I have would be to check for snapshots of the EBS volume and create a new instance from one just before the password was changed. Once you have the new instance up and verify access you could terminate the previous instance.

Hope this helps!

EXPERT

iBehr

answered 10 months ago

EXPERT

Oleksii Bebych

reviewed 10 months ago

Ajojoi-Memo
10 months ago
Thank you very much it could work but the problem is that there were not any previous snapshot :(
iBehr EXPERT
10 months ago
You could now take a snapshot and create a new instance and then use forensic tools against that new instance.

I am not a Windows expert -- perhaps someone else can comment on this -- but you may be able to use the following two articles to enable booting to safe mode and then change the password.

https://aws.amazon.com/blogs/compute/using-the-ec2-serial-console-to-access-the-microsoft-server-boot-manager-to-fix-and-debug-boot-failures/

https://www.clouvider.com/knowledge_base/how-to-reset-administrator-password-on-windows-server-2019/

Again, I am not a Windows expert and cannot speak to the full viability of these options.

Relevant content

Resetting the AWS Domain Controller Password
Anees
asked 2 years ago
Managed Domain Passwords are Expiring after 14 days, Domain User Policy is 90 Days - Where's the override coming from?
jwesley
asked 2 years ago
Need help with changing passwords and removing an email address from my domain
Accepted Answer
2P
asked 8 months ago
What is the best procedure for setting up a password or other credentials to work with throw away EC2 instances that are generated from AMIs
zeiddev
asked a year ago
How do I log into my Amazon EC2 Windows instance with my local admin or domain credentials?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot a WorkSpaces Personal WorkSpace that fails to join an Active Directory domain?
AWS OFFICIALUpdated 7 months ago
How do I use group policy in AWS Managed Microsoft AD or Simple AD to allow domain users RDP access to an EC2 Windows instance?
AWS OFFICIALUpdated a year ago
How do I change domain ownership or other domain information in Route 53?
AWS OFFICIALUpdated 2 years ago
VMware on AWS - How to restore NSX DFW firewall rules to previous state
EXPERT
Jagadeesh_Devaraj
published 2 years ago
Establishing Multi-tenant, Custom Domain-based Secure Connectivity to Amazon MSK through a Kafka Proxy
EXPERT
Ankit Mishra
published 6 months ago