This article details the steps to reset DSRM administrator password. If you have forgotten the Directory Services Restore Mode (DSRM) password, you can reset it using Ntdsutil.
The Directory Services Restore Mode (DSRM) password is first set when promoting a new Domain Controller.
If you remember the DSRM password for a domain controller, it’s well and good. However, if you have taken over a Domain Controller that was set up was someone else, you may be stuck with the DSRM password.
I have worked on many Active Directory environments where the DSRM password for the Domain Controllers was not known or was not safely stored for retrieval when needed.
In such situations, you as an administrator can use Ntdsutil.exe utility to reset DSRM administrator password on a domain controller.
We know that Domain Controllers don’t have a local administrator account with which you can log in, like you have on workstations and servers.
Suppose the Active Directory fails on the Domain Controller, you may not be able to log onto the server using your domain credentials to repair the Active Directory. Hence, you must know the DSRM password for administrator account.
There are different ways to reset the DSRM administrator password:
- Using NTDSUtil.exe, reset the DSRM admin password
- Third-party softwares
Avoid using third-party softwares to reset the Directory Services Restore Mode (DSRM) password. They may or may not work well and installing third-party softwares on domain controllers is restricted in most organizations.
Reset DSRM Administrator Password using Ntdsutil
Follow the below instructions to reset DSRM Administrator password using Ntdsutil.exe:
- Click Start > Run, type cmd and launch the command prompt as administrator.
- In the cmd prompt, type ntdsutil, and press enter key.
- At the Ntdsutil command prompt, type the command set dsrm password.
You will be now prompted to reset DSRM administrator password. Here you have two options:
- Remote server: To reset the password for another server, type reset password on server servername, where servername is the DNS name for the server on which you’re resetting the DSRM password.
- Local server: To reset the password on the server on which you’re working, type reset password on server null.
In this example, I am logged in to the domain controller, so I will be using the “reset password on server null” command. Press enter key.
In this next step, enter the password for DS Restore mode Administrator account twice. Password has been set successfully confirms the DSRM Administrator Password has been reset successfully.
Here is one confusing thing. Once you reset the DSRM administrator password, you will again see the prompt to reset the password. At the DSRM command prompt, type q and at the Ntdsutil command prompt, type q to exit.
I’ve had to perform this process more than 8x times in the past few year. I’ll only ever follow the instructions on your site. Excellent.
Excellent Work. Keep rocking