When setting up an active direcotry domain you will be asked to set a DSRM password. DSRM stands for Directory Services Restore Mode and is a backdoor into the database if everything else fails.

When an admin is changing the company, part of the process should be to change administrative passwords. The DSRM password however is somthing people often forget about so it remains unchanged.

This is why I want to take a second to show you how to change it.

 

Changing the Password

First you start an administrative CMD on a Domain Controller. Start the tool ntdsutil

and type_set dsrm password_.

Now we need do decide on wich DC the password should be changed and choose a new one. reset password on server null

Cheers, Ori