DSRM (Directory Services Restore Mode) is a boot mode on a domain controller for repairing and restoring Active Directory data. To boot your computer into DSRM mode, you need to know the DSRM administrator password, which is set during the process of promoting member server to a domain controller. There’s a chance you could forget your DSRM administrator password because it’s so rarely used. In this tutorial we’re going to explain how to change or reset the DSRM administrator password on Windows Server 2012/2008/2003 and 2000.
Change or Reset the DSRM Administrator Password
If you can log on domain controller using the domain administrator account, you can use the NT Directory Services utility (Ntdsutil.exe) to change the DSRM administrator password. To do so, follow these steps:
- Log on to the domain controller using an account with administrative rights.
- Go to Start | Run, type cmd, and press [Enter].
- At the command prompt, type cd %SystemRoot%\System32,and press [Enter].
- Type ntdsutil, and press [Enter].
- Type set dsrm password, and press [Enter].
- At the DSRM command prompt, you can reset the password for either the server on which you’re working or for another server. For the former, type reset password on server null, and enter the new password when prompted. (No characters will appear when you type the password.)
To reset the password for another server, type reset password on server <servername> (where <servername> is the DNS name for the server in question), and enter the new password when prompted. (No characters will appear when you type the password.) - At the DSRM command prompt, type q to exit.
- At the Ntdsutil command prompt, type q to exit the utility and return to the command prompt.
Couldn’t Login to Domain Controller?
If you can’t log into domain controller, the trick mentioned above doesn’t work any more! Fortunately there is a professional Windows password cracking utility – Reset Windows Password, which allows you to reset DSRM password easily. Just follow these steps:
- You need an alternative computer with internet access to download the Reset Windows Password utility.
- Unzip the download file, you’ll get the ResetWindowsPwd.iso file.
- Burn the ISO image file to a CD or USB thumb drive using the ISO2Disc tool.
- Insert your newly burned CD/USB drive into the domain controller and turn on the computer. Get into the BIOS and change the boot order to set the computer to boot from CD/USB.
- Once you’ve gotten it to boot from the CD/USB, the computer will load the system inside the CD/USB drive and launch the Reset Windows Password utility.
- Click on the Reset Local Admin/User Password option, you’ll see the Windows SAM database and local user accounts.
- Choose the local administrator account and click on the Reset Password button.
- It will remove your forgotten DSRM administrator password immediately.
The DSRM administrator password is a tremendously powerful password, and you should change it at regular intervals, along with all of your other administrative account passwords.