William Bell Sun, 06/20/2010 - 09:38
User Badges:
  • Purple, 4500 points or more

You can change the OS admin password (e.g. Administrator) using the Microsoft user manager (just as you would for any other account).  If you need to modify existing service accounts or the cluster password using the Admin Utility.  From the following URL:


Change Passwords in Cisco CallManager

You can change the administrative passwords using either one of  these       methods on Cisco CallManager servers that run on a Windows Operating  System. It       is necessary to reboot the cluster after you change the passwords in  order to       remove any potential problems with Windows password caching.

Note: If the Lightweight Directory Access Protocol (LDAP) setting  is           Microsoft Active Directory instead of DC Directory, you must manually  set this           password using Active Directory.

Note: The Administrator account serves as the default Windows NT           administration account. Cisco CallManager does not use this password.

  • Choose Start > Program Files > Administrative Tools > Computer           Management > Users, select Administrator           Account and right-click Set           Password.

  • The Windows Administrator account password is a login password into           the physical server. You can change the Windows Administrator password  when you           press Ctrl+Alt+Delete and click on Change           Password.

CCMPWDChanger Tool

The CCMPWDChanger tool is used to change the passwords for  Directory       Manager, CCMSysUser, CCMAdministrator, and IPMASysUser.

From the Cisco CallManager, choose Start >       Run, type CCMPWDChanger and press       Enter. Refer to       Change        the Password for more details on the CCMPWDChanger tool.

Note: The CCMPWDChanger tool should be used only on the Cisco  CallManager           Publisher server.

Change CallManager Services Passwords with the Admin  Utility

The Admin Utility is used in order to change the services password  and       synchronize for SQLSvc, CCMServiceRW, CCMService, CCMCDR, and CCMUser  in the       Cisco CallManager cluster. Run this from C:\Program       Files\Cisco\Bin\Adminutility.exe. The Admin Utility changes the       cluster private password, which in turn generates new encrypted  passwords for       the SQLSvc, CCMServiceRW, CCMService, CCMCDR, and CCMUser accounts.  Keep this       in mind when running this utility. Refer to       Check        Password Synchronization with the Admin Utility in the Cisco  CallManager       Cluster for more information on the Admin Utility.



Please remember to rate helpful posts.

William Reed Sun, 06/20/2010 - 17:38
User Badges:

So if I am reading correct the CM system might either be tied to LDAP authenticaion or use a local DC directory database?

Aaron Harrison Sun, 06/20/2010 - 23:43
User Badges:
  • Super Bronze, 10000 points or more
  • Community Spotlight Award,

    Member's Choice, May 2015


Yeah, you can be integrated to AD with CM4 if you are unfortunate. On the server, go to c:\dcdsrvr and open a file called DirectoryConfiguration.ini. If there is a reference to an AD server on port 389 then you are using AD, if it's 8404 then you are using the built-in LDAP server (DC Directory). The line will look like so:


The 'administrator' account is still a Windows account even if you are not integrated to AD: it's the local/Windows administrator account on the server.



William Reed Tue, 06/22/2010 - 13:23
User Badges:

Hello I am not AD integrated. How do you suggest I get access to CallManager web admin page if I do not know the password? I have Windows admin access but cannot login to the CallManager admin webpage.

William Bell Tue, 06/22/2010 - 13:40
User Badges:
  • Purple, 4500 points or more


AD integrated or not you should be able to use ccmpwdchanger as described in the link I posted earlier:


If you need step-by-step procedures, then you can use this link:


There are likely some variations between the procedures in the above technote and reallity.  So, keep your wits about you.  It should be pretty close though.  Key point, at step 3 and step 4 you would choose ccmadministrator instead of Directory Manager (from the drop down list).  This is going back many moons for me but as I recall the procedure works.

If I recall correctly, the passwords for Directory Manager, ccmadministrator, etc. are stored in the registry (in a hashed format).



Please remember to rate helpful posts.

William Reed Tue, 06/22/2010 - 13:42
User Badges:

Thanks. We are going to reset with CCMPWDChanger soon, however if I could locate the hash password in the registry I might be able to crack it as I have already cracked one of their MD5 hash passwords.

Do you know where it is stored?

Jaime Valencia Tue, 06/22/2010 - 14:00
User Badges:
  • Cisco Employee,
  • Hall of Fame,


/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems, Inc.\Directory Configuration



If this helps, please rate



This Discussion