Tuesday, November 13, 2007

How to Reset Directory Services Recovery Mode password on a Domain Controller



DSRM is being configured at the first time, when a server promoted to be a domain controller. Often time administrators make up a password and this password gets forgotten and when it is needed, resetting DSRM password will be necessary. This process is very straight forward. Do not confuse this password with Domain administrator password. When DSRM mode is initiated, the local administrator account is authenticated by the SAM (Security account manager).

Go to command Line and follow the steps below. (NTSUTIL is part of windows 2003 support tools)

C:\>ntdsutil

ntdsutil: set dsrm password

  • Reset DSRM Administrator Password: reset password on server dc1
  • Please type password for DS Restore Mode Administrator Account: ***********
  • Please confirm new password: ***********
  • Password has been set successfully.

How to Move .DIT Database to another location

In this scenario the drive holds the NTDS.DIT database is going out of space and we need to move it to different drive.

  • Click Start, click Run, type ntdsutil in the Open box, and then press ENTER.
  • At the Ntdsutil command prompt, type files, and then presses ENTER.
  • At the file maintenance command prompt, type move DB to new location (where new location is an existing folder that you have created for this purpose), and then press ENTER.
  • To quit Ntdsutil, type quit, and then press ENTER.
  • Restart the computer

How to Move Log Files

Use the move logs to command to move the directory service log files to another folder. For the new settings to take effect, restart the computer after you move the log files.

  • Ntdsutil
  • type files Press Enter (maintenance command prompt)
  • Move files to E:\NTDS\Logs ( this is the directory I have created on the second Hard drive, my logs are located on C drive and I am moving them from C drive to E drive.

KB:322672

Best,

Oz ozugurlu