Tuesday, August 12, 2008

Reset the Directory Services Restore Mode Password: Windows Server 2003

There are several different instances in which this password may need to be changed. These include:
  1. An administrator leaving the company
  2. The server was not setup to standard
  3. To ensure that you know what the password is
Additionally, a backup of AD is only as good as your ability to restore it. One of the very important items needed (in addition to a good backup) is the directory services restore mode password. Without this password, the directory will not be restored and more than likely, you won't be in a position at that time to change the password.

To change the password use the ntdsutil utility at the command line (or from Start->Run):
ntdsutil: set dsrm password


This will start the password reset utility. At this point, you can reset the password on a remote machine, or on the local machine. To reset the password on a remote machine, enter the command:
Reset DSRM Administrator Password: reset password on server server name


Use "null" to reset the local machine's password:
Reset DSRM Administrator Password: reset password on server null


You will be prompted to enter the new password and to confirm it.
Please type password for DS Restore Mode Administrator Account:
Please confirm new password:
Password has been set successfully.


That's it.

No comments: