Posts Tagged ‘Directory Services Restore Mode password’

How to Change or Reset DSRM Administrator Password

February 28th, 2013 by Admin

DSRM (Directory Services Restore Mode) is a boot mode on a domain controller for repairing and restoring Active Directory data. To boot your computer into DSRM mode, you need to know the DSRM administrator password, which is set during the process of promoting member server to a domain controller. There’s a chance you could forget your DSRM administrator password because it’s so rarely used. In this tutorial we’re going to explain how to change or reset the DSRM administrator password on Windows Server 2012/2008/2003 and 2000.

Change or Reset the DSRM Administrator Password

If you can log on domain controller using the domain administrator account, you can use the NT Directory Services utility (Ntdsutil.exe) to change the DSRM administrator password. To do so, follow these steps:

  1. Log on to the domain controller using an account with administrative rights.
  2. Go to Start | Run, type cmd, and press [Enter].
  3. At the command prompt, type cd %SystemRoot%\System32,and press [Enter].
  4. Type ntdsutil, and press [Enter].
  5. Type set dsrm password, and press [Enter].
  6. At the DSRM command prompt, you can reset the password for either the server on which you’re working or for another server. For the former, type reset password on server null, and enter the new password when prompted. (No characters will appear when you type the password.)
    To reset the password for another server, type reset password on server <servername> (where <servername> is the DNS name for the server in question), and enter the new password when prompted. (No characters will appear when you type the password.)
  7. At the DSRM command prompt, type q to exit.
  8. At the Ntdsutil command prompt, type q to exit the utility and return to the command prompt.

Couldn’t Login to Domain Controller?

If you can’t log into domain controller, the trick mentioned above doesn’t work any more! Fortunately there is a professional Windows password cracking utility – Reset Windows Password, which allows you to reset DSRM password easily. Just follow these steps:

  1. You need an alternative computer with internet access to download the Reset Windows Password utility.
  2. Unzip the download file, you’ll get the ResetWindowsPwd.iso file.
  3. Burn the ISO image file to a CD or USB thumb drive using the ISO2Disc tool.
  4. Insert your newly burned CD/USB drive into the domain controller and turn on the computer. Get into the BIOS and change the boot order to set the computer to boot from CD/USB.
  5. Once you’ve gotten it to boot from the CD/USB, the computer will load the system inside the CD/USB drive and launch the Reset Windows Password utility.

    Reset Windows Password

  6. Click on the Reset Local Admin/User Password option, you’ll see the Windows SAM database and local user accounts.
  7. Choose the local administrator account and click on the Reset Password button.
  8. It will remove your forgotten DSRM administrator password immediately.

The DSRM administrator password is a tremendously powerful password, and you should change it at regular intervals, along with all of your other administrative account passwords.

Comments Off on How to Change or Reset DSRM Administrator Password »

Posted in Active Directory Password, Tips & Tricks

Tags:

How to Reset Forgotten Directory Services Restore Mode Password in Active Directory

September 29th, 2012 by Admin

Certain tasks in Active Directory require that you start the domain controller without Active Directory running. These include restoring the database from backup, moving the database, and performing an offline defragmentation of the database. When you start the domain controller and Active Directory is not running, you must log on as the Directory Services Restore Mode (DSRM) account. The password for this account is set when you install Active Directory. The problem is, many people set this password weeks or months ago, and when it comes time to use it, they can’t remember what it is. Does this sound familiar?

Here we’ll show you an easy way to reset forgotten Directory Services Restore Mode password in Active Directory 2008/2003/2000. Reset Windows Password utility can run on a CD or USB flash drive and help you remove Directory Services Restore Mode password without logging in to Active Directory.

How to Reset Forgotten Directory Services Restore Mode Password in Active Directory?

  1. Download the Reset Windows Password utility. Unzip the download file and you’ll get a ResetWindowsPwd.iso file.
  2. Burn the ISO image file to a blank CD using any burning program (we recommend BurnCDCC) that can burn ISO images.
  3. After you have the Live CD, bring it to boot off your domain controller whose password you want to reset. You’ll see that the computer will load some files inside the Live CD and launch the Reset Windows Password utility.

  4. Click on the Reset Local Admin/User Password option, then choose the Windows SAM database from the drop-down list. It will display the local user accounts and you can find which account is password-protected.
  5. Choose the administrator account and then click on the Reset Password button, it will blank your Directory Services Restore Mode password immediately.
  6. Now remove the Live CD and restart the computer, you can then log in to the Directory Services Restore Mode (DSRM) account with a blank password.

As it’s shown in the steps above, you can also click the Reset Active Directory Password option to unlock your domain user password if you forgot domain admin/user password.

Comments Off on How to Reset Forgotten Directory Services Restore Mode Password in Active Directory »

Posted in Active Directory Password, Tips & Tricks

Tags: