I have an employee that is taking some forced time off, but I need to mitigate risks in case they go AWOL.
If I change a domain admin password on a live running system can anything go wrong? I don't always follow best practices and I have a few servers that login using domain admin accounts.
I can log off and log back in to those servers, but are there any nuances that I'm not aware of?
Are there any other gotchas that I need to be aware?
Yes, be wary of scheduled tasks, applications, and services that may be configured to use the Administrator account.
If you have applications like sharepoint or sql server they may use the admin password internally.
If you are just talking about a file server or exchange server then its usually pretty simple, change it, reboot all the servers and see what hasn't restarted. In most cases it will just restart and work. Obviously, do this out of hours.
If you are running any third party backup software then it almost certainly uses the admin password.
Simply changing the admin password isn't enough though if you are paranoid about things. You will need to see which accounts have admin rights and check those. They may well have created other accounts - its not that unusual to have a backup account or a special account for running batch jobs, which will have privs. They may even have created backdoor type accounts with innocous names like 'sys' or 'printserver'.
How much do you trust this person not to have made sure they have a way back in if you do change the admin password? If you think they've been up to no good and theres money involved then pay someone to look the system over.
Ian
