I have been researching ways to reset a domain admin password for a client who forgot what they typed in when they set the password.
Most password crackers work only on local accounts, not for anything on a domain. It seems like the way to go about this is to reset the local admin account, then login using Directory Service Recovery Mode to reset the domain admin account.
Here are some of the articles I have been reading:
http://www.jms1.net/nt-unlock.shtml <– this idiot won’t let you view his pages if you are running IE, so use firebox, but again, that’s just stupid