A. It's possible to synchronize the password used for DSRM with the following command. Note that you should replace
ntdsutil "set dsrm password" "sync from domain account
" q q
Note that this is a one-time action and if you change the password for the domain account, you need to run the above command again. Also, this command must be run on each domain controller (DC), because the DSRM password is local to each DC.
Below is an example execution.
C:\Users\administrator.SAVILLTECH>ntdsutil "set dsrm password" "sync from domain account savilltech\Administrator" q q ntdsutil: set dsrm password Reset DSRM Administrator Password: sync from domain account savilltech \Administrator Password has been synchronized successfully. Reset DSRM Administrator Password: q ntdsutil: q
Note this only works on Windows Server 2008 and above domain controllers and this hotfix must be applied to pre-SP2 Windows 2008 servers. Also, a reboot is required.Related Reading:
- Q. How can I reset the Directory Service Restore Mode Administrator password?
- Q: I recently discovered that some of our Active Directory (AD) Domain Controllers (DCs) have their AD databases (ntds.dit) installed on the system drive (C). How do I move the database to the D drive?
- Q. How do I make the Directory Services Restore Mode (DSRM) administrator password work on my Windows 2008 domain controllers (DCs) if the Active Directory Directory Service (AD DS) is stopped and no other DCs are available?
- Changing the Password on a DC's DSRM and Recovery Console Administrator Account
Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.