RahulPatel–twikies…

November 22, 2008

change RC or Directory Restore Safe Mode Administrator password on a DC

Filed under: Micorosoft Windows — Rahul Patel @ 6:34 am

When you promote a Windows 2000 or Windows Server 2003 Server-based computer to a domain controller, you are prompted to type a Directory Service Restore Mode Administrator password. This password is also used by Recovery Console, and is separate from the Administrator password that is stored in Active Directory after a completed promotion.

The Administrator password that you use when you start Recovery Console or when you press F8 to start Directory Service Restore Mode is stored in the registry-based Security Accounts Manager (SAM) on the local computer. The SAM is located in the %SystemRoot%System32Config folder. The SAM-based account and password are computer specific and they are not replicated to other domain controllers in the domain.

For ease of administration of domain controllers or for additional security measures, you can change the Administrator password for the local SAM. To change the local Administrator password that you use when you start Recovery Console or when you start Directory Service Restore Mode, use one of the following methods:

Method #1

If Windows 2000 Service Pack 2 or later is installed on your computer, you can use the Setpwd.exe utility to change the SAM-based Administrator password. To do this:

  1. At a command prompt, change to the %SystemRoot%System32 folder.

  2. To change the local SAM-based Administrator password, type

setpwd

and then press ENTER.

  1. To change the SAM-based Administrator password on a remote domain controller, type

setpwd /s: servername

and then press ENTER, where servername is the name of the remote domain controller.

  1. When you are prompted to type the password for the Directory Service Restore Mode Administrator account, type the new password that you want to use.

Note: If you make a mistake, repeat these steps to run setpwd again.

Method #2

On Windows 2000, if you do know the Directory Service Restore Mode Administrator password you can easily change it to something else by using the following method:

  1. Shut down the domain controller on which you want to change the password.

  2. Restart the computer. When the selection menu screen is displayed during the restart process, press F8 to view advanced startup options.

  3. Select the Directory Service Restore Mode option.

  4. After you successfully log on, use one of the following methods to change the local Administrator password:

At a command prompt, type the following command:

net user administrator *

or

Use the Local User and Groups snap-in (Lusrmgr.msc) to change the Administrator password.

  1. Shut down and restart the computer.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

Method #3

On Windows 2000, if you do not know the Directory Service Restore Mode Administrator password you can easily change it to something else by using the following method:

  1. At a command prompt, type the following command:

net user administrator 123456

This will change the local administrator’s password to 123456.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

Method #4

On Windows Server 2003, the setpwd or NET USER trick won’t work. Here, if you want to change the Directory Service Restore Mode Administrator password you’ll need to use the following method:

  1. Click, Start, click Run, type

ntdsutil

and then click OK.

  1. At the Ntdsutil command prompt, type

set dsrm password

  1. At the DSRM command prompt, type one of the following lines:

To reset the password on the server on which you are working, type

reset password on server null

The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.

or

To reset the password for another server, type

reset password on server <servername>

where <servername> is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.

  1. At the DSRM command prompt, type q.

  2. At the Ntdsutil command prompt, type q to exit.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.


Advertisements

6 Comments »

  1. thanks for the good post. keep writing such
    posts. recently i had to reset my windows xp admin password and a post on reset windows password at http://letusbuzz.com really made my
    day

    Comment by Anuradha — October 19, 2010 @ 3:20 am | Reply

  2. fantastic post, very informative. I wonder why the opposite experts of this sector
    don’t notice this. You must proceed your writing. I’m confident, you’ve a huge readers’ base already!

    Comment by http://www.incaradvancements.co.uk — February 8, 2014 @ 7:14 pm | Reply

  3. Hi, I do think this is a great web site. I stumbledupon it 😉 I may return once again since I bookmarked it.
    Money and freedom is the best way to change, may you be rich
    and continue to help other people.

    Comment by chat gratis - youtube.com — February 21, 2014 @ 6:46 am | Reply

  4. An intriguing discussion is worth comment. I do think that you
    need to publish more on this topic, it might not be
    a taboo matter but typically people don’t discuss
    these topics. To the next! Many thanks!!

    Comment by Helen — March 26, 2014 @ 8:56 am | Reply

  5. It’s not my first time to go to see this website, i am visiting this website dailly and take good facts from here every day.

    Comment by http://wmusic.ga/ — May 15, 2014 @ 10:12 pm | Reply

  6. What’s up, constantly i used to check weblog posts here in the early hours in the morning, as i enjoy tto gain knowledge of more and more.

    Comment by carpet in tampa — June 30, 2014 @ 9:02 am | Reply


RSS feed for comments on this post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: