set DSRM password

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2008

Resets the Directory Services Restore Mode (DSRM) password on a domain controller. At the Reset DSRM Administrator Password: prompt, type any of the parameters listed under “Syntax.”

This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. Dsmgmt is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).

To use either of these tools, you must run them from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

Reset Password on server %s

Parameters

Parameter Description

Reset Password on server %s

Prompts for a new DSRM password for a domain controller. Use NULL as the domain controller name to reset the DSRM password on the current server. After you enter this parameter, the Please type password for DS Restore Mode Administrator Account: prompt appears. At this prompt, type the desired new DSRM password.

Sync from domain account %s

Note

This parameter is available on domain controllers that run Windows Server 2008 R2 or Windows Server 2008 with Service Pack 3 or later or have installed hotfix 961320 (https://go.microsoft.com/fwlink/?LinkId=197407).

    <p></p>
  </div>
</td>
<td>
  <p>Perform one-time password synchronization from the specified user name %s from this Active Directory domain to the DSRM administrator account on the local computer. For a link to more information, see Remarks section. </p>
</td>

%s

An alphanumeric variable, such as a domain or domain controller name.

quit

Takes you back to the previous menu, or exits the utility.

?

Displays Help at the command prompt.

Help

Displays Help at the command prompt.

Remarks

  • The DSRM password on a domain controller is initially set when the Active Directory Installation Wizard (Dcpromo) is run on a server to promote it to a domain controller.

  • If the domain controller is in DSRM, you cannot reset the DSRM password on a domain controller using Ntdsutil.

  • For more information about how to synchronize the DSRM account password on a local domain controller with the password of a domain user account, see DS Restore Mode Password Maintenance (https://go.microsoft.com/fwlink/?LinkId=197408).

  • Ntdsutil does not correctly handle special characters, such as the apostrophe character ('), that you can enter at the ntdsutil: prompt at the command line. In some situations, there may be an alternative workaround. For more information, see local roles (https://go.microsoft.com/fwlink/?LinkId=157320).

Examples

To rest the DSRM password on a domain controller named DC2, type the following command, and then press ENTER:

Reset DSRM Administrator Password: reset password on server DC2

Additional references

Command-Line Syntax Key

Dsmgmt

Ntdsutil

authoritative restore

configurable settings

DS behavior

files

group membership evaluation

ifm

LDAP policies

local roles

metadata cleanup

partition management

roles

security account management

semantic database analysis

snapshot