Reset DSRM Administrator Password using Ntdsutil

This article details the steps to reset DSRM administrator password. If you have forgotten the Directory Services Restore Mode (DSRM) password, you can reset it using Ntdsutil.

The Directory Services Restore Mode (DSRM) password is first set when promoting a new Domain Controller.

If you remember the DSRM password for a domain controller, it’s well and good. However, if you have taken over a Domain Controller that was set up was someone else, you may be stuck with the DSRM password.

I have worked on many Active Directory environments where the DSRM password for the Domain Controllers was not known or was not safely stored for retrieval when needed.

In such situations, you as an administrator can use Ntdsutil.exe utility to reset DSRM administrator password on a domain controller.

We know that Domain Controllers don’t have a local administrator account with which you can log in, like you have on workstations and servers.

Suppose the Active Directory fails on the Domain Controller, you may not be able to log onto the server using your domain credentials to repair the Active Directory. Hence, you must know the DSRM password for administrator account.

There are different ways to reset the DSRM administrator password:

  • Using NTDSUtil.exe, reset the DSRM admin password
  • Third-party softwares

Avoid using third-party softwares to reset the Directory Services Restore Mode (DSRM) password. They may or may not work well and installing third-party softwares on domain controllers is restricted in most organizations.

Reset DSRM Administrator Password using Ntdsutil

Follow the below instructions to reset DSRM Administrator password using Ntdsutil.exe:

  • Click Start > Run, type cmd and launch the command prompt as administrator.
  • In the cmd prompt, type ntdsutil, and press enter key.
  • At the Ntdsutil command prompt, type the command set dsrm password.
Reset DSRM Administrator Password using Ntdsutil
Reset DSRM Administrator Password using Ntdsutil

You will be now prompted to reset DSRM administrator password. Here you have two options:

  • Remote server: To reset the password for another server, type reset password on server servername, where servername is the DNS name for the server on which you’re resetting the DSRM password.
  • Local server: To reset the password on the server on which you’re working, type reset password on server null.

In this example, I am logged in to the domain controller, so I will be using the “reset password on server null” command. Press enter key.

In this next step, enter the password for DS Restore mode Administrator account twice. Password has been set successfully confirms the DSRM Administrator Password has been reset successfully.

Reset DSRM Administrator Password using Ntdsutil
Reset DSRM Administrator Password using Ntdsutil

Here is one confusing thing. Once you reset the DSRM administrator password, you will again see the prompt to reset the password. At the DSRM command prompt, type q and at the Ntdsutil command prompt, type q to exit.

Reset DSRM Administrator Password using Ntdsutil
Reset DSRM Administrator Password using Ntdsutil

Leave a Comment