How to recover DSRM password

If you've lost the DSRM (Directory Services Restore Mode) password for your Windows Server, there are a few ways to reset it. Here's a guide on how to recover or reset the DSRM password:

Option 1: Reset DSRM Password Using NTDSUtil

You can reset the DSRM password using the NTDSUtil command-line tool. Here's how:

Steps:

1. Boot into Directory Services Restore Mode:

   • Restart your server.
   • Press F8 while the server is booting (before the Windows logo appears).
   • Select Directory Services Restore Mode from the Advanced Boot Options menu.

2. Log in to the DSRM:

   • Log in using the DSRM username (which is typically Administrator by default).
   • Enter the old DSRM password (if you remember it), or just leave it blank if you don't know the password.

3. Open Command Prompt:

   • Once you are logged in, open the Command Prompt by typing cmd in the Start menu or pressing Windows+R, typing cmd, and hitting Enter.

4. Run NTDSUtil:

   • In the Command Prompt, type the following to launch NTDSUtil:

     ntdsutil

   • Once in the NTDSUtil tool, type the following to reset the password:

     set DSRM password

   • You will be prompted to enter a new password for the DSRM. Enter a new, strong password.

5. Exit NTDSUtil:

   • Type quit to exit the NTDSUtil tool.

6. Reboot:

   • Restart the server, and then you should be able to log in with the newly set DSRM password.

Option 2: Use Offline NT Password & Registry Editor

If you're unable to access the DSRM password via the NTDSUtil method, you can use third-party tools like Offline NT Password & Registry Editor to reset the DSRM password.

Steps:

1. Download and Create a Bootable USB or CD:

   • Download the Offline NT Password & Registry Editor from its official website.
   • Create a bootable USB or CD with the tool.

2. Boot the Server from USB/CD:

   • Insert the bootable media into the server.
   • Restart the server and boot from the USB/CD.

3. Reset the DSRM Password:

   • Follow the prompts in the tool to select the Windows installation and reset the DSRM password.

4. Reboot:

   • Once the password reset is complete, reboot your server and log in with the new DSRM password.

Option 3: Use Windows Server Backup (if applicable)

If you're using a backup solution, you can restore the server to a point before the DSRM password was lost.

1. Boot the server using Windows Server Backup or the system recovery options.
2. Perform a system restore to a backup taken when you still knew the DSRM password.

Option 4: Reinstall Active Directory (Last Resort)

If none of the above options work and you are still unable to reset the DSRM password, you may need to demote and re-promote the domain controller:

1. Demote the domain controller using the Server Manager or PowerShell (Uninstall-ADDSDomainController).
2. Reinstall the Active Directory role and reconfigure your server.