Resets the directory services restore mode (DSRM) password on a domain controller. At the Reset DSRM Administrator Password: prompt, type any of the following parameters listed under Syntax.

Ntdsutil is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use ntdsutil, you must run the ntdsutil command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

Reset Password on server %s

Parameters

Parameter Description

Reset Password on server %s

Prompts for a new DSRM password for a domain controller. Use NULL as the domain controller name to reset the DSRM password on the current server. After entering this parameter, the Please type password for DS Restore Mode Administrator Account: prompt appears. At this prompt, type the desired new DSRM password.

%s

An alphanumeric variable, such as a domain or domain controller name.

quit

Takes you back to the previous menu or exits the utility.

?

Displays help at the command prompt.

Help

Displays help at the command prompt.

Remarks

  • The DSRM password on a domain controller is initially set when the Active Directory Installation Wizard (Dcpromo) is run on a server to promote it to a domain controller.

  • If the domain controller is in directory services restore mode, you cannot reset the DSRM password on a domain controller using ntdsutil.

Examples

To rest the DSRM password on a domain controller named DC2, type:

Reset DSRM Administrator Password: reset password on server DC2