Directory Restore Mode: Directory Services Restore mode, referred to as DSRM, also known as the Directory Service recovery model. is the server Safe Mode startup option for Windows domain controllers. DSRM allows administrators to repair or restore the Active Directory database for repair or restoration.
During the Upgrade Domain Controller wizard, prompt the administrator to enter directory Restore mode, which is the dsrm password. The administrator safekeeping the password can protect the database backdoor, avoid many problems later. Note The DSRM password does not provide access to the domain or any services. If the dsrm password is forgotten, you can change it through the command line tool ntdsutil. The following are the steps:
1. Log on to the domain controller with a domain Administrator account :
2. Enter the DOS command prompt or the PowerShell interface (in this case the latter), enter:Ntdsutil
3. At the "ntdsutil:" prompt, enter the set dsrm password carriage return:
Ntdsutil.exe:set dsrm Password reset the DSRM administrator password:?? -Show this help message to help-show this helpful message quit-Return to the previous menu reset Password on server%s-resets the Directory Service Restore Mode Administrator account password on the specified AD dc/lds instance. The local computer uses NULL. Sync from domain account%s-Performs a one-time password synchronization of the specified user name%s from this Active directory domain to the Directory Services Restore Mode administrator accounts on the local computer. Note: If the target AD Dc/lds instance is currently in Directory Services Restore mode, you cannot use Ntdsutil to reset or synchronize this password.
4. Under "Reset DSRM Administrator Password:" Enter reset password on server Major.azureyun.local:
5, two times enter the new password and confirm that, if the password and the current domain environment password policy consistent, password must meet the password policy requirements (minimum password length, password complexity and password history requirements, etc.);
6, enter the complexity password and determine, prompt password set success;
7, enter two times quit command quit ntdsutil;
If we remember the directory Restore Mode password, can boot into the directory Restore mode through the Ctrl+alt+del call Reset Password interface to make changes, this chapter sharing completed, thanks to support.
Windows Server 2016-Reset directory Restore Mode password