Resetting the Directory Services Restore mode password in Active Directory

Here is how you reset the AD restore mode password in 2003:

Start Ntdsutil (click Start, Run; enter cmd.exe; then enter ntdsutil.exe).

Start the Directory Service Restore Mode Administrator password-reset utility by entering the argument "set dsrm password" at the ntdsutil prompt: ntdsutil: set dsrm password

Run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine.

For example, to reset the password on server testserver1, enter the following argument at the Reset DSRM Administrator Password prompt:

Reset DSRM Administrator Password: reset password on server testserver1

To reset the password on the local machine, specify null as the server name: Reset DSRM Administrator Password:

reset password on server null

You'll be prompted twice to enter the new password. You'll see the following messages:

Please type password for DS Restore Mode Administrator Account:

Please confirm new password:

Password has been set successfully.

Exit the password-reset utility by typing "quit" at the following prompts:
Reset DSRM
Administrator Password: quit

ntdsutil: quit



Unfortunately, this doesn't work for Windows 2000. One way around this would be to do a system state backup, DCPromo down, reset the password and then do the necessary restore.