A. In Windows 2000 Server, you used to have to boot the computer whose password you wanted to change in Directory Restore mode, then use either the Microsoft Management Console (MMC) Local User and Groups snap-in or the command
net user administrator *
to change the Administrator password. Win2K Server Service Pack 2 (SP2) introduced the Setpwd utility, which lets you reset the Directory Service Restore Mode password without having to reboot the computer. (Microsoft refreshed Setpwd in SP4 to improve the utility's scripting options.)
In Windows Server 2003, you use the Ntdsutil utility to modify the Directory Service Restore Mode Administrator password. To do so, follow these steps:
- Start Ntdsutil (click Start, Run; enter cmd.exe; then enter ntdsutil.exe).
- Start the Directory Service Restore Mode Administrator password-reset utility by entering the argument "set dsrm password" at the ntdsutil prompt:
ntdsutil: set dsrm password
- Run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine. For example, to reset the password on server thanos, enter the following argument at the Reset DSRM Administrator Password prompt:
Reset DSRM Administrator Password: reset password on server thanosTo reset the password on the local machine, specify null as the server name:
Reset DSRM Administrator Password: reset password on server null
- You'll be prompted twice to enter the new password. You'll see the following messages:
Please type password for DS Restore Mode Administrator Account: Please confirm new password: Password has been set successfully.
- Exit the password-reset utility by typing "quit" at the following prompts:
Reset DSRM Administrator Password: quit ntdsutil: quit