Changing the DSRM password

May 15, 2018 in windows ‐ 1 min read

When setting up an active direcotry domain you will be asked to set a DSRM password. DSRM stands for Directory Services Restore Mode and is a backdoor into the database if everything else fails.

When an admin is changing the company, part of the process should be to change administrative passwords. The DSRM password however is somthing people often forget about so it remains unchanged.

This is why I want to take a second to show you how to change it.

 

Changing the Password

First you start an administrative CMD on a Domain Controller. Start the tool ntdsutil

image

and type_set dsrm password_.

image

Now we need do decide on wich DC the password should be changed and choose a new one. reset password on server null

image

Cheers, Ori