Synchronize the DSRM password with the network administrator password

Updated: October 4, 2012

Applies To: Windows Server 2012 Essentials

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. The operating system uses DSRM to log on to the computer if Active Directory fails or needs to be restored. If your network administrator password and the DSRM password are different, DSRM will not load.

During a clean, first-time install of Windows Server 2012 Essentials, the installation program sets the DSRM password to the network administrator account password that you specify during setup or in the migration answer file. When you change your network administrator password, as is typically recommended every 60 days for increased server security, the password change is not forwarded to DSRM. This results in a password mismatch. If this occurs, you can use the following solutions to manually or automatically synchronize your network administrator’s password with the DSRM password.

  1. At a command prompt, run ntdsutil.exe to open the ntdsutil tool.

  2. To reset the DSRM password, type set dsrm password.

  3. To synchronize the DSRM password on a domain controller with the current network administrator’s account, type:

    sync from domain account <current_network_administrator_account>, and then press ENTER.

Because you will periodically change the password for the network administrator account, we recommend that you create a scheduled task that synchronizes the DSRM password with the network administrator password daily. This ensures that the DSRM password is always the same as the current password of the network administrator.

  1. From the server, open the Administrative Tools, and then double-click Task Scheduler.

  2. In the Task Scheduler Actions pane, click Create Task.

  3. In the Name text box, type a name for the task such as AutoSync DSRM Password, and then select the Run with highest privileges option.

  4. Define when the task should run:

    1. In the Create Task dialog box, click the Triggers tab, and then click New.

    2. In the New Trigger dialog box, select your recurrence option, specify the recurrence interval, and choose a start time.

      Note
      As a best practice, you should set the task to run daily during non-business hours.

    3. Click OK to save your changes and return to the Create Task dialog box.

  5. Define the task actions:

    1. Click the Actions tab, and then click New. The New Action dialog box appears.

    2. In the Action list, click Start a program, and then browse to C:\WINDOWS\SYSTEM32\ntdsutil.exe.

    3. In the Add arguments (optional) text box, type the following (you must include the quotation marks, and they must be straight quotation marks):

      "set dsrm password" "sync from domain account SBS_network_administrator_account" q q

      where SBS_network_administrator_account is the current network administrator’s account name.

  6. Click OK twice to save the task and close the Create Task dialog box. The new task appears in the Active Tasks section of Task Scheduler.
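
The same scheduled task can be registered from an elevated PowerShell prompt on the server. This is an added example, not part of the original Microsoft procedure; the 02:00 start time, the SYSTEM run-as account, and the placeholder account name are assumptions to adjust for your environment.

```powershell
# Added example (not from the original procedure): registers the daily
# DSRM password synchronization task described in steps 1-6 above.
# Run in an elevated PowerShell session on the server.

# Placeholder from the procedure; replace with the current network
# administrator's account name.
$AdminAccount = 'SBS_network_administrator_account'

# Task name suggested in step 3 of the procedure.
$TaskName = 'AutoSync DSRM Password'

# Same argument string as step 5, with straight quotation marks.
# The two trailing "q" commands leave the "set dsrm password" menu
# and then exit ntdsutil so the task can finish.
$Arguments = '"set dsrm password" "sync from domain account {0}" q q' -f $AdminAccount

$Action = New-ScheduledTaskAction `
    -Execute "$env:SystemRoot\System32\ntdsutil.exe" `
    -Argument $Arguments

# Assumption: 02:00 is outside business hours (see the note in step 4).
$Trigger = New-ScheduledTaskTrigger -Daily -At '02:00'

# "Run with highest privileges" corresponds to -RunLevel Highest.
# Assumption: the task runs as SYSTEM so that no account password has
# to be stored with the task.
$Principal = New-ScheduledTaskPrincipal `
    -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount `
    -RunLevel Highest

Register-ScheduledTask `
    -TaskName $TaskName `
    -Action $Action `
    -Trigger $Trigger `
    -Principal $Principal `
    -Description 'Synchronizes the DSRM password with the network administrator account.'

# Run the task once and show when it last ran and how it exited.
# A non-zero LastTaskResult means ntdsutil did not exit cleanly
# (or the task is still running).
Start-ScheduledTask -TaskName $TaskName
Start-Sleep -Seconds 15
Get-ScheduledTaskInfo -TaskName $TaskName |
    Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime
```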

© 2013 Microsoft. All rights reserved.