What is a domain admin account? The domain administrator users are allowed administrative privileges for the entire domain. By default, the group has the local Administrator account on the Domain Controller as its member. Why do you need create a domain admin account? There is a built-in Administrator account on computer domain. Maybe this defaulted domain account is the most useful but the most dangerous account on your system. For security, you would better disable it and create another domain admin account. Also if you didn’t disable the built-in domain administrator account in the past, now you have just forgotten its password. To regain access to domain, you have to find the password or create a new domain account. How to create domain admin account? No matter your computer is a Domain Controller or a domain user, if you didn’t disable the built-in domain administrator account, it’s very easy for you to create a new domain admin user. Optional 1: Have Built-in domain administrator to create a domain admin. To set up a domain admin account, you should: A. Create a new user on the domain controller; B. Include the newly created user in the Domain Admin group. Following are the whole procedures: Step 1. Log in to the domain controller with the built-in domain administrator account. Step 2. Click "Start->Administrative Tools->Active Directory Users and Computers". Step 3. In the left pane of the “Active Directory Users and Computers” window, expand the contents of the newly created Active directory domain. (For example, the domain here in my PC is “andyserver.com) Step 4. Right click “Users” folder, point to "New", and select "User" next. Step 5. In the "New Object-User" windows, do the followings: Type your first name, last name, full name and User logon name in the corresponding box, after done, click "Next". Step 6. Enter your new password in the "Password" and "Confirm password" column. (Note: the password should meet the password complexity requirements.) And do not choose "User must change password at next logon". Then click "Next". Step 7. Click "Finish" to complete the account creating. Step 8. Now you can find the newly created domain user account in "Users" folder. Right click that account, and choose "Add to a group". Step 9. In the "Select Groups" dialog box, type "Domain Admins" (without quotations) and then click "OK". Optional 2: Have Windows Password Recovery Ultimate to create domain admin account when PC is locked or domain cannot be visited. If your PC is locked or the domain on your PC cannot be visited, a third party application can be your last straw. Here I will take Windows Password Recovery Ultimate for instance. Below are the detailed instructions. A. Download Windows Password Recovery Ultimate, and then install, run it on an accessible PC. B. Insert a blank CD/DVD/USB Flash Drive to the computer. And then click “Burn” to start burning am ISO image file to CD/DVD/USB Flash Drive. C. After the burning is done, take out of that burned device to your target PC, and set the computer boot from CD/DVD/USB Flash Drive. D. After the BIOS setting is done, reboot your computer and soon an interface of Windows Password Recovery Ultimate will show up. E. Start to create new account according to the instruction displayed on the interface step by step. Those above are collected by me, and I used to create domain user in those ways. Hopefully it could be handy and helpful to you all.