Friday, 2 September 2011

Reset the Directory Services Restore Mode (DSRM) Administrator Account Password

It's very important you have a record of the Directory Services Restore Mode (DSRM) Administrator Account password for all your Domain Controllers.

You may find yourself in a situation where no such record exists, such as when starting a new job, and you will want this information recorded in case of an emergency.

I found myself in this situation and quickly went about standardising the DSRM password on all the DCs in the organisation.

This can be done quite quickly using the steps below, which are valid for both Windows Server 2003 and Windows Server 2008:

1. Click Start > Run and enter ntdsutil.exe

2. At the ntdsutil prompt, enter the command set dsrm password:
ntdsutil: set dsrm password

3. Run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine. For example, to reset the password on server DC1, enter the following argument at the Reset DSRM Administrator Password prompt:
Reset DSRM Administrator Password: reset password on server DC1

To reset the password on the local machine, specify null as the server name:
Reset DSRM Administrator Password: reset password on server null

4. You’ll be prompted twice to enter the new password. You’ll see the following messages:

Please type password for DS Restore Mode Administrator Account:
Please confirm new password:
Password has been set successfully

5. Exit the password-reset utility by typing “quit” at the following prompts:
Reset DSRM Administrator Password: quit
ntdsutil: quit
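
The same steps can be repeated across several Domain Controllers by passing the ntdsutil commands as arguments. The script below is an added example, not part of the original post; the server names DC1 and DC2 are placeholders, and it assumes an elevated PowerShell console on a machine that has ntdsutil.exe.

```powershell
# Added example (not from the original post). The password is never placed in
# the script or on the command line: ntdsutil prompts for it on the console.
param(
    # Placeholder names; replace with your own DCs. 'null' means the local machine.
    [string[]]$Servers = @('DC1', 'DC2')
)

$log = @()
foreach ($server in $Servers) {
    # Accept only plain host names or FQDNs, so a malformed entry cannot
    # smuggle extra commands into the ntdsutil argument string.
    if ($server -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') {
        Write-Warning "Skipping invalid server name: '$server'"
        continue
    }

    Write-Host "`n=== Resetting DSRM password on $server ==="
    # Same commands as the manual steps above, followed by the two quits.
    # ntdsutil still asks for the new password twice, interactively.
    & ntdsutil.exe "set dsrm password" "reset password on server $server" quit quit

    # Record which servers were attempted and when (no secrets are logged).
    $log += New-Object PSObject -Property @{
        Server    = $server
        Attempted = (Get-Date).ToString('s')
    }
}

$log | Format-Table -AutoSize
```

Check that "Password has been set successfully" appears for each server before recording the new password.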

