Reset the Directory Services Restore Mode Password: Windows Server 2003

There are several different instances in which this password may need to be changed. These include:

1. An administrator leaving the company
2. The server was not setup to standard
3. To ensure that you know what the password is

Additionally, a backup of AD is only as good as your ability to restore it. One of the very important items needed (in addition to a good backup) is the directory services restore mode password. Without this password, the directory will not be restored and more than likely, you won't be in a position at that time to change the password.

To change the password use the ntdsutil utility at the command line (or from Start->Run):

ntdsutil: set dsrm password

This will start the password reset utility. At this point, you can reset the password on a remote machine, or on the local machine. To reset the password on a remote machine, enter the command:

Reset DSRM Administrator Password: reset password on server server name

Use "null" to reset the local machine's password:

Reset DSRM Administrator Password: reset password on server null

You will be prompted to enter the new password and to confirm it.

Please type password for DS Restore Mode Administrator Account:
Please confirm new password:
Password has been set successfully.

That's it.