Resetting DC Password from DSRM

How can I reset my DC's password? I am able to log in to the server in Directory Services Restore Mode. I tried pulling up AD DS Users and Computers from there, but it does not appear that it will load anything about domain users.


When you boot a domain controller into Directory Services Restore Mode (DSRM), Active Directory is offline on that DC. That is why you cannot load Active Directory Users and Computers on that DC.

Assuming you are not using full disk encryption such as BitLocker, this simple trick will get you back in the game:

Boot the domain controller from alternate media, such as a USB thumb drive that has a Windows recovery partition on it. (Diagnostics and Recovery Toolkit (DaRT) makes good recovery media, for example.)

Once you have booted into the recovery media, open a command prompt and mount the system hard drive of the domain controller (which probably has a different drive letter now than it usually does).

Type this:

copy X:\Windows\System32\Utilman.exe X:\Windows\System32\Utilman.bak

Then

copy X:\Windows\System32\cmd.exe X:\Windows\System32\Utilman.exe

Now that you have replaced Utilman.exe with Cmd.exe, reboot the machine normally.

Once it comes back up, click the little "Accessibility" icon in the corner of the logon screen. A command prompt running under the security context of Local System will appear overlaying the logon prompt. And Directory Services is running now. So type:

net user DomainAdmin *

And reset your domain admin password.

Now reboot your machine again and replace the old Utilman.exe. This final step is very important, as your DC is in a very insecure configuration right now as long as this "Utilman.exe hack" is in place.

Merry Christmas.
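A check for the final step above, as an added example that is not part of the original answer: it confirms that Utilman.exe is no longer a copy of cmd.exe and that the Utilman.bak backup made earlier matches what is now in place. `Test-UtilmanRestored` is a hypothetical helper name, and the `-WindowsDir` parameter is an assumption that lets you point it at an offline volume such as X:\Windows.

```powershell
# Added example (not from the original answer): verify the Utilman.exe swap was undone.
# Test-UtilmanRestored is a hypothetical helper, not a built-in cmdlet.
function Test-UtilmanRestored {
    param(
        # Windows directory to inspect; defaults to the running system.
        [string]$WindowsDir = $env:SystemRoot
    )

    $sys32   = Join-Path $WindowsDir 'System32'
    $utilman = Join-Path $sys32 'Utilman.exe'
    $cmd     = Join-Path $sys32 'cmd.exe'
    $backup  = Join-Path $sys32 'Utilman.bak'
    $problems = @()
    $notes    = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $problems += 'Utilman.exe is missing from System32.'
    }
    else {
        $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash

        # Identical hashes mean the accessibility button still launches a SYSTEM shell.
        if ($utilHash -eq $cmdHash) {
            $problems += 'Utilman.exe is byte-identical to cmd.exe: the swap is still in place.'
        }

        # If the backup is still there, it must match the file that was copied back.
        if (Test-Path -LiteralPath $backup) {
            $bakHash = (Get-FileHash -LiteralPath $backup -Algorithm SHA256).Hash
            if ($bakHash -ne $utilHash) {
                $problems += 'Utilman.bak differs from Utilman.exe: the original was not copied back.'
            }
            else {
                $notes += 'Utilman.bak matches Utilman.exe and can be deleted.'
            }
        }
    }

    [pscustomobject]@{
        WindowsDir = $WindowsDir
        Restored   = ($problems.Count -eq 0)
        Problems   = $problems
        Notes      = $notes
    }
}

Test-UtilmanRestored | Format-List
```

`Restored` should be `True` before the domain controller goes back into service; the same hash comparison is useful as a periodic check on any server where physical or console access is shared.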


You can't; AD is not loaded. You can restore it (the entire database), but you can't edit user accounts.