Home >> FAQ Center >> Reset Directory Service Restore Mode Password in Windows Server
2 Options to Reset Directory Service Restore Mode Password in Windows Server 2012 (R)/2008 (R)/2003 (R)
What is DSRM?
Directory Service Restore Mode (DSRM) is a boot mode on a Domain Controller for repairing and restoring Active Directory data. You have to use DSRM to login locally on a Domain Controller if there is a need to repair or restore Active Directory database.
The DSRM password is set during the process of promoting member server to a Domain Controller. Your Domain Controller's Directory Services Restore Mode password is among the most powerful logins on any Windows network. If your DSRM password is cracked by others, they can copy and change the Active Directory database, and reboot the server.
If you forgot the password, you'd better reset Directory Services Restore Mode password as soon as possible.
How to Reset DSRM Password?
Here I will share two options to reset forgotten DSRM password on your Windows Server 2012 (R)/2008 (R)/2003 (R).
1. Reset DSRM Password with Ntdsutil
Ntdsutil utility is a free nice solution to a forgotten local DSRM administrator password. However, it just works for Windows Server 2003 and later. Just follow the detailed instructions as below:
Step 1: Run the ntdsutil command from an elevated command prompt.
Step 2: To open an elevated command prompt, click Start, right click Command Prompt, and then type ntdsutil.
Step 3: At the ntdsutil command prompt , type set dsrm password.
Step 4: At the DSRM command prompt, type the different command lines as to your situation:
To reset DRSM password on the server on which you are working, type reset password on server null, null represents the local server where you are. Type the new password when you are prompted. Note that no characters appear while you type the password.
To reset the password for another server, type reset password on server servername. Servername is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.
Step 5: Type the new password when prompted (note no characters will appear)
Step 6: At the DSRM command prompt, type q and then press enter
Step 7: At ntdsutil command prompt, type q and then press enter to exit