How to reset the Directory Services Restore Mode (DSRM) password

Windows SBS 2011

The Directory Services Restore Mode (DSRM) password is used for restoring Active Directory data on a Domain Controller. During an AD restore you can’t authenticate to Active Directory because it isn’t started when you boot into restore mode, and there aren’t any local accounts on a Domain Controller, so the DSRM password is used instead. This is a particularly important password to know in a single Domain Controller environment like a Small Business Server domain (although you can add additional DCs). It’s also a very good password to reset if you take on a new client with existing infrastructure that has been set up by someone else.

On SBS 2011, although you are not prompted to specify the DSRM password, it defaults to the password you used when installing the server. On Windows 2008, 2012 and 2012 R2, when you promote a Member Server to a Domain Controller, you are asked to specify the password.

Resetting it is a relatively painless process:

1. From an elevated command prompt type ntdsutil.

2. At the ntdsutil prompt type set dsrm password.

3. At the Reset DSRM Administrator Password prompt type reset password on server servername, where servername is the name of the server you are on.

4. Enter the new password, and then hit return.

5. Confirm your password and hit return and you should see the message: Password has been set successfully.

6. Press q or type quit twice to exit back to the command prompt.
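
The same reset as a PowerShell script, added here as an example and not part of the original post: it checks that the session is elevated and that the machine is a Domain Controller, then passes the commands from steps 2 to 6 to ntdsutil as arguments. The function name Reset-DsrmPassword is hypothetical.

```powershell
# Added example: scripted form of the six manual steps. Run it on the Domain Controller itself.
function Reset-DsrmPassword {   # hypothetical helper name
    # Step 1 needs an elevated prompt: stop early if this session is not elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Win32_ComputerSystem.DomainRole is 4 or 5 on a Domain Controller.
    # Get-WmiObject is used so the script also runs on the PowerShell 2.0 that ships with SBS 2011.
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    if ($role -lt 4) {
        throw "$env:COMPUTERNAME is not a Domain Controller (DomainRole = $role)."
    }

    # Steps 2 to 6: each quoted argument is one line typed at an ntdsutil prompt.
    # ntdsutil still asks for the new password and its confirmation interactively,
    # so the password never appears in the script, the command line or the history.
    & ntdsutil.exe 'set dsrm password' "reset password on server $env:COMPUTERNAME" 'quit' 'quit'
}

Reset-DsrmPassword
```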


2 thoughts on “How to reset the Directory Services Restore Mode (DSRM) password”

    1. Post author

      If you take over managing a DC from someone else/another company, you’ll need to know the Directory Services restore mode password if you have to do an AD restore.
