How To Reset the Directory Services Restore Mode Administrator Account Password in Windows Server 2003

Summary

This article describes how to reset the Directory Services Restore Mode (DSRM) administrator password for any server in your domain without restarting the server in DSRM. Microsoft Windows 2000 uses the Setpwd utility to reset the DSRM password. In Microsoft Windows Server 2003, that functionality has been integrated into the NTDSUTIL tool. Note that you cannot use the procedure that is described in this article if the target server is running in DSRM. A member of the Domain Administrators group sets the DSRM administrator password during the promotion process for the domain controller. You can use Ntdsutil.exe to reset this password for the server on which you are working, or for another domain controller in the domain.

To Reset the DSRM Administrator Password

  1. Click, Start, click Run, type ntdsutil, and then click OK.
  2. At the Ntdsutil command prompt, type set dsrm password.
  3. At the DSRM command prompt, type one of the following lines:
    • To reset the password on the server on which you are working, type reset password on server null. The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.

      -or-
    • To reset the password for another server, type
      reset password on server
      servername
      , where
      servername is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.
  4. At the DSRM command prompt, type q.
  5. At the Ntdsutil command prompt, type q to exit.
Properties

Article ID: 322672 - Last Review: Jan 7, 2008 - Revision: 1

Feedback