Monday, July 29, 2013

DSRM Mode password reset in windows server 2008

The article explains the steps to be done to reset the Directory service restore mode password for AD servers in a domain. This is done using ntdsutil tool.

-On the command prompt, type ntdsutil
- On the ntdsutil> prompt, type "set dsrm password"
-You will get the following prompt - Reset DSRM Administrator Password:
-Type the command to reset the dsrm password on the server of your choice at this point
  •  If you want to set password on the server that you are logged in currently, type "reset password on server null"
  • If you want to reset password on another Ad server in the same domain type "reset password on server <DNS name of the target AD server> "
-Next you will be getting prompts for typing and confirming the new password
-Enter and confirm the new passwords
-Once done, type 'q' to quit the DSRM as well as the ntdsutil command prompt

PS: Good news is that , as you can see, you need not know the old DSRM password. So this will work in cases where you forget the DSRM password that you set initially

Note: You cannot change the DSRM password on a server that is currently in DSRM mode, neither locally nor remotely from another AD in the sam domain






 

No comments:

Post a Comment