My school's domain admin password was 'school' (later changed to the school's name with O->0 substitution). It's marginally better than their VNC password though, which was 'vnc' (VNC Server was installed on every machine in the school).
At my school the password was the person’s username. Someone guessed it one day. Which in hindsight was inevitable when the login screen was exposed to hundreds of bored kids every day.