Home > StorageCraft > How to reset DSRM for Windows Servers

How to reset DSRM for Windows Servers

When restoring a Domain controller, it's recommended to boot into Active Directory Restore Mode on first boot.  This will require the initial password when the server was first built.  It's recommend that if you're unaware of what this is, to reset it by following the steps below.

When a Windows Server 2012/2008/2003/2000 machine is prompted to a domain controller (DC), the Directory Services Restore Mode (DSRM) password is created for the local administrator account. This password will be used only when booting into the recovery console or Directory Services Restore Mode. If you forget the DSRM password, you can't use the recovery console nor restore the Active Directory (AD) database.

Reset DSRM Password with Ntdsutil

  1. On your machine, select Run from the Start menu, type ntdsutil and click OK.

    Ntdsutil

  2. At the Ntdsutil command prompt, type set dsrm password.
  3. At the DSRM command prompt, run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine. For example, to reset the password on server thanos, enter the following command:
    reset password on server thanos
    To reset the password on the local machine, specify null as the server name:
    reset password on server null
  4. You'll be prompted twice to enter the new password.
  5. Type q to exit the DSRM command prompt.

    reset DSRM password

  6. At the Ntdsutil command prompt, type q to exit.

You can now use the local administrator account to log on to the recovery console or Directory Services Restore Mode using the new password. However, you can only use the Ntdsutil utility to reset DSRM password while logging into domain controller. If you also forgot domain administrator password, then you need to use the method below to change your forgotten DSRM password.

 

Please also refer to our support document "Special Steps required when restoring an Active Directory Domain Controller"