2 Options to Reset Directory Services Restore Mode Password

Learn how to reset / change forgotten Directory Services Restore Mode (DSRM) password in Windows Server 2012/2008/2003/2000 domain controller.

There are multiple ways to reset the Directory Services Restore Mode password, but we will focus on two of the most common methods.

The first method is to use a utility called DSReset. This tool is included in the Windows Server 2003 Support Tools and can be downloaded from Microsoft. Once you have DSReset, you will need to run it from the command prompt. The syntax for DSReset is as follows:

DSReset /server: /tdb

Where is the name of the domain controller that you want to reset the DSRM password for.

The second method is to use a utility called NTDSUtil. This tool is included in the Windows Server 2003 Support Tools and can be downloaded from Microsoft. Once you have NTDSUtil, you will need to run it from the command prompt. The syntax for NTDSUtil is as follows:

NTDSUtil

Activate instance NTDS

ifm

Create Domain Controller

q

q

At the NTDSUtil prompt, type the following commands:

ntdsutil: activate instance ntds

ifm: create domain controller

q

q

This will create a new domain controller in the directory services database. Once the new domain controller has been created, you will need to restart the computer in Directory Services Restore Mode. When the computer starts up, you will be prompted to enter the DSRM password. At this point, you can enter the new password that you created with NTDSUtil.

Once you have reset the DSRM password, you can then use the NTDSUtil tool to remove the temporary domain controller from the directory services database. To do this, you will need to run NTDSUtil again and type the following commands:

ntdsutil: activate instance ntds

ifm: remove domain controller

q

q

You will then be prompted to confirm the removal of the domain controller. Once you have confirmed the removal, you can then restart the computer in Normal Mode.

Kon-Boot is an excellent tool for resetting the Directory Services Restore Mode password. Kon-Boot is a bootable CD that allows you to login to a Windows account without knowing the password. Kon-Boot is a great tool to use if you forget your DSRM password, as it can save you a lot of time and effort.