You want to reset the DS Restore Mode administrator password. This password is set individually (i.e., not replicated) on each domain controller, and is initially configured when you promote the domain controller into a domain.
For this to work you must be booted into DS Restore Mode (see Recipe 16.2 for more information).
Go to Start → Run.
compmgmt.msc and press Enter.
In the left pane, expand System Tools → Local Users and Computers.
Click on the Users folder.
In the right pane, right-click on the
Administrator user and select Set Password.
Enter the new password and confirm, then click OK.
With the Windows Server 2003 version of ntdsutil, you can change the DS Restore Mode administrator password of a domain controller while it is live (i.e., not in DS Restore Mode). Another benefit of this new option is that you can run it against a remote domain controller. Here is the sample output when run against domain controller DC1.
ntdsutil "set dsrm password" "reset password on server DC1"ntdsutil: set dsrm password Reset DSRM Administrator Password: reset password on server DC1 Please type password for DS Restore Mode Administrator Account: ********** Please confirm new password: ********** Password has been set successfully.
Microsoft added a new command in Windows 2000 Service Pack 2 and
setpwd. It works similarly to the ...