Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

How to Reset the Directory Services Restore Mode Administrator password

Summary: This article gives information about resetting the Directory Services Restore Mode (DSRM) Administrator password on an Active Directory domain controller.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Instructions

The DSRM administrator account is the only local user account on a domain controller (DC). This account is not accessible when the DC is booted into normal mode. As its name implies, the account can only be used to boot the DC into Directory Services Restore Mode. The password for the DSRM administrator account is set during the DC promotion process. Since the account is rarely used, its password can be forgotten. The following steps show how to reset its password.
 
Note: The DC must be booted into normal mode, not DSRM, to perform these steps.
 
  1. Type ntdsutil.exe at an elevated command prompt to open the NTDSUtil command interface.
  2. Type set dsrm password.
  3. Type reset password on server dc1 (replacing dc1 with the name of the DC).
  4. Type the new password.
  5. Retype the new password.
  6. Type quit to exit the Reset DSRM Administrator Password interface.
  7. Type quit to exit NTDSUtil.
Setting the DSRM password with the ntdsutil tool
Figure 1: Setting the DSRM password with the NTDSUtil tool

A video of this procedure is found at:

Set Your Directory Services Restore Mode Password.

Duration: 00:03:19 (hh:mm:ss)

When available, closed caption (subtitles) language settings can be chosen using the CC icon on this video player.

Additional Information

As demonstrated in the video, it is also possible to synchronize the DSRM password with the password of an existing domain account. In step 3 of the above procedure, type sync from domain account username (replacing username with the username of a domain account). Skip steps 4 and 5, which are unnecessary.

This performs a one-time synchronization. If the password of the specified domain account is later changed, the DSRM administrator password is not updated then.

Affected Products

Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Windows Small Business Server 2011 Essentials, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008 , Microsoft Windows 2008 Server R2, Microsoft Windows 2008 Server Service Pack 2, Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2 ...
Article Properties
Article Number: 000136611
Article Type: How To
Last Modified: 24 Jul 2024
Version:  10
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.