[Today's post comes to us courtesy of Shawn Sullivan]
The method in which the Directory Services Restore Mode (DSRM) password is set during an install of SBS 2008 is different than that of Windows Server 2008. Like most component installation in SBS 2008 setup, the dcpromo process is hidden from the user and they will not be prompted to enter a DSRM password.
In a clean install of SBS 2008, SBS setup will synchronize the DSRM password with that of the admin account password that you specify during setup.
During a migration, SBS setup will synchronize the DSRM password with that of the admin account you have specified in the SBS Answer file generator tool when creating the SBSAnswerfile.xml.
In either case, once the DSRM password is set by SBS setup, it does not change. So even if you change your domain administrator password a few months down the road, the DSRM password still remains the same. Therefore, it is extremely important for you to document and secure this information. If you have forgotten the DSRM password (and you can still boot into normal mode), you can manually set it by following the steps in
(you must type
activate instance NTDS
after launching NTDSUtil.exe). Example:
When logging into DSRM in SBS 2008, you have two choices:
If no other DC is available, you must login locally using
and the DSRM password.
If you have forgotten your DSRM password, there is no other Domain Controller available to service logins, and you cannot boot into Normal Mode, you will not be able to login to the server.
: A new feature has recently been released that allows you to synchronize the DSRM password with that of a user account. Details regarding this can be found here
. After you install the feature and reboot the server, you can run the following command to initiate the sync: