by lunarg on December 20th 2009, at 20:54

When you have a working SBS 2008 server, and don't know the password to get into Directory Services Restore Mode, you might want to reset it to something you do know.
You will need this when for instance, the AD gets screwed up, or, in case of SBS, you get locked out (even though you're an Administrator).

Related posts

With the installation of the SBS, the DSRM password will be the same as the password you enter for the Administrator account. So, if the password hasn't changed, or you still remember it, try that one first.

Changing the DSRM password

You can change the DSRM password by using ntdsutil.

Open up a command prompt, and start ntdsutil.
At its prompt, type in and hit Enter:

set dsrm password

You'll come up on another prompt.
You can either reset the password for the server you're on, or for another DC in the domain.

Reset password on the current server

To reset the password on the current server, type this in.

reset password on server null

Note that you won't see the password when typing it.

Reset password on another DC in the domain

Every server has its own password. To reset the password of another server, do:

reset password on server myserver.domain.suffix

myserver.domain.suffix is the DNS name of the server. Note that if you're logged in on the right domain, it's not necessary to use the FQDN; the server name will suffice.
Note that you won't see the password when typing it.

Once it's set, exit the DSRM prompt:


After that, to exit ntdsutil, type:


And that's basically it. Keep the password safe; you never know when you might need it.

« July 2024»
« Most people tend to avoid true conflict. Ironically this breeds more conflict. »