September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
16.3. Resetting the Directory Service Restore Mode Administrator Password
Problem
You want to reset the DS Restore Mode administrator password. This password is set individually (i.e., not replicated) on each domain controller, and is initially configured when you promote the domain controller into a domain.
Solution
Using a graphical user interface
For this to work you must be booted into DS Restore Mode (see Recipe 16.2 for more information).
Go to Start → Run.
Type
compmgmt.mscand press Enter.In the left pane, expand System Tools → Local Users and Computers.
Click on the Users folder.
In the right pane, right-click on the
Administratoruser and select Set Password.Enter the new password and confirm, then click OK.
Using a command-line interface
With the Windows Server 2003 version of ntdsutil, you can change the DS Restore Mode administrator password of a domain controller while it is live (i.e., not in DS Restore Mode). Another benefit of this new option is that you can run it against a remote domain controller. Here is the sample output when run against domain controller DC1.
> ntdsutil "set dsrm password" "reset password on server DC1"
ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server DC1
Please type password for DS Restore Mode Administrator Account: **********
Please confirm new password: **********
Password has been set successfully.Microsoft added a new command in Windows 2000 Service Pack 2 and
later called setpwd. It works similarly to the ...