Resetting the Directory Services Restore Mode (DSRM) Password in Windows Server

How to Reset Forgotten Directory Services Restore Mode Password in Active Directory

In Our recent post we have discussed about Windows Server 2016 Installation Procedures and the Best New Features of Windows Server 2016 Technical preview. 

Now will see about How to Reset Directory Service Restore Mode Password in Windows Server

What is DSRM?

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. It is used to log on to the computer when Active Directory has failed or needs to be restored.

The password is initially set when a server is promoted to a domain controller. It’s important that this password is well documented and stored in a secure location.

If you forget the DSRM password, you can’t use the recovery console nor restore the Active Directory (AD) database.

Windows Server 2003:

To load Active Directory you must boot DSRM. U-Move will offer to automatically reboot the computer to DSRM and resume the interview where it left off.

Windows Server 2008-2016:

DSRM is rarely needed on Windows Server 2008-2016. AD can be stopped and re-started without a reboot, making DSRM unnecessary.

DSRM is only needed when you are using remote desktop software, or when doing a domain-wide restore or a forest-wide restore, or when AD is so damaged that it will not boot.

 

Here the Complete Guide about the Installation and Configuration of various Active Directory Services:

How to Reset DSRM Password?

1. Log onto the server and Open a command-prompt with administrative rights.

2. Run the ntdsutil command and Click OK

3. At the Ntdsutil command prompt, type set dsrm password

4. At the Reset DSRM Administrator Password prompt, type reset password on server null (If resetting the DSRM password on local DC) and then press Enter.If resetting the DSRM password for another DC, type reset password on server servername where servername is the FQDN of the server for which you are resetting the password.

 

5. You’ll be prompted twice to enter the new password.

How to Reset Directory Service Restore Mode Password

6. Type q to exit the DSRM command prompt.

You can now use the local administrator account to log on to the recovery console or Directory Services Restore Mode using the new password.

However, you can only use the Ntdsutil utility to reset DSRM password while logging into domain controller.

Also Read:

 

Check Also

Complete GPUpdate Commands

Learn The Difference Between Gpupdate and Gpupdate [Force, Sync, Logoff, Boot, Target, Wait ]: Complete GPUpdate Commands

Group Policy plays a very important role in the Active Directory Infrastructure and as a …

One comment

  1. The DSRM password is actually the local administrator password stored in C:\Windows\System32\SAM. When we’re locked out, we can remove it with PCUnlocker.

Leave a Reply

Your email address will not be published. Required fields are marked *