Directory Services Restore Mode (DSRM) is a special boot mode in Windows Server that allows administrators to repair or restore an Active Directory (AD) database. When a domain controller (DC) is booted into DSRM, the AD services are offline, which lets the administrator perform maintenance tasks on the AD database, such as restoring backups, fixing replication issues, or resetting the AD database.
Setting the DSRM Password
The DSRM password is crucial because it is used to log into the domain controller when it is in Directory Services Restore Mode. This password is initially set during the promotion of a server to a domain controller, but it can be changed later if needed.
Here’s how to set or reset the DSRM password:
Option 1: During Domain Controller Promotion
- During DC Promotion: When you promote a server to a domain controller using the Active Directory Domain Services Installation Wizard (DCPROMO), you’ll be prompted to set the DSRM password.
Option 2: Using the Command Line (Ntdsutil)
- Open Command Prompt: Open a Command Prompt with administrative privileges.
- Run Ntdsutil:
  - Type `ntdsutil` and press Enter.
- Activate Instance NTDS:
  - Type `activate instance ntds` and press Enter.
- Set DSRM Password:
  - Type `set dsrm password` and press Enter.
  - Then type `reset password on server null` to reset the password on the local server.
- Enter and Confirm New Password:
  - You will be prompted to enter and confirm the new DSRM password.
- Exit Ntdsutil:
  - Type `quit` to exit the Ntdsutil tool.
Steps for changing the password for DSRM.
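The Ntdsutil steps above can also be run from one PowerShell session that then confirms the reset left an audit record. This is an added example, not part of the original page; it assumes it runs locally and elevated on the DC, and that "Audit User Account Management" is enabled so that Security event ID 4794 (an attempt to set the DSRM administrator password) is logged. The helper function names are hypothetical.

```powershell
# Added example: reset the DSRM password with the ntdsutil sequence above,
# then confirm the change was audited (Security event ID 4794).
# Assumptions: run locally on the DC, elevated; "Audit User Account
# Management" is enabled so that event 4794 is recorded.

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsDomainController {
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = DC, 3 = member server
    return (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -eq 2
}

if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell session.' }
if (-not (Test-IsDomainController)) { throw 'This host is not a domain controller.' }

$start = Get-Date

# Same commands as the interactive steps, passed as arguments. Output is not
# captured or redirected, so ntdsutil can prompt for the new password on the
# console. The first quit leaves the password submenu, the second exits ntdsutil.
& ntdsutil.exe 'activate instance ntds' 'set dsrm password' 'reset password on server null' 'quit' 'quit'

# Look for the audit record of the DSRM password change.
$filter = @{ LogName = 'Security'; Id = 4794; StartTime = $start }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if ($events) {
    $events | Select-Object TimeCreated, Id, MachineName | Format-Table -AutoSize
} else {
    Write-Warning ('No event 4794 found since the reset started. Check that the ' +
        'password was accepted and that User Account Management auditing is enabled.')
}
```

The same event ID is worth alerting on in central log collection, since a DSRM password change outside a planned maintenance window is unusual on a DC.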