Forgot, Lost, Reset, Change, DSRM Password – Directory Services Restore Mode Password

The Directory Services Restore Mode (DSRM) password is created when a server is promoted to a domain controller.

I recently started doing an audit on my domain controllers and noticed no one had documented some of the DSRM passwords.  From experience, having the Directory services Restore Mode (DSRM) password is always a useful thing to have.  Two of the domain controllers were actually setup before I was ever employed at my current place of work and so obviously I didn’t have them.  I asked the IT Manager if he knew what the Directory services Restore Mode (DSRM) password and I was given a look of confusion….not sure if he was confused at my question or confused at to what the password was……anyways….I knew nothing productive would come out of it so I decided to ask Google.  Google gave me a quick answer!

Here’s how to change the Directory Services Restore Mode (DSRM) password in Windows 2003 Server!

  1. Log onto the domain controller you want to change the DSRM password for (as a user with domain admin rights)
  2. Click Start
  3. Click Run
  4. Type ntdsutil and click Ok
  5. Type reset password on server null
  6. Type the new password ( characters will appear when you type)
  7. Type q
  8. Type q
  9. That’s it!

***Now you can type reset password on server servername in step 5 to change the password for another server.  servername is the DNS name of the server***

Leave a Reply

Your email address will not be published. Required fields are marked *