Directory Services Restore Mode
   HOME

TheInfoList



Click Here for Items Related To - Directory Services Restore Mode
OR:
Directory Services Restore Mode on:   [Wikipedia]   [Google]   [Amazon]

Directory Services Restore Mode (DSRM) is a function on
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralize ...
Domain Controllers On Microsoft Servers, a domain controller (DC) is a server computer that responds to security authentication requests (logging in, etc.) within a Windows domain. A ''domain'' is a concept introduced in Windows NT whereby a user may be granted access ...
to take the server offline for emergency maintenance, particularly restoring backups of AD objects. It is accessed on
Windows Server Windows Server (formerly Windows NT Server) is a group of operating systems (OS) for servers that Microsoft has been developing since July 27, 1993. The first OS that was released for this platform was Windows NT 3.1 Advanced Server. With the r ...
via the advanced startup menu, similarly to safe mode.


Password

In Windows 2000, the DSRM password is typically created as a
null Null may refer to: Science, technology, and mathematics Computing *Null (SQL) (or NULL), a special marker and keyword in SQL indicating that something has no value *Null character, the zero-valued ASCII character, also designated by , often used ...
value (blank), which is also the
Recovery Console The Recovery Console is a feature of the Windows 2000, Windows XP and Windows Server 2003 operating systems. It provides the means for administrators to perform a limited range of tasks using a command-line interface. Its primary function is to ...
password. Starting with Windows Server 2003, a DSRM password must be defined when the domain controller is promoted. Anyone with the password who has access to the domain controller can reboot the machine, copy and modify the Active Directory database, and reboot the server without leaving any trace of the activity. DSRM password changes cannot be scripted, but can be accomplished manually through the command line; DSRM passwords can also be automatically changed and audited using Privileged Identity Management software.


Alternatives

On
Windows Server 2008 R2 Windows Server 2008 R2 is the fifth version of the Windows Server operating system produced by Microsoft and released as part of the Windows NT family of operating systems. It was released to manufacturing on July 22, 2009, and became General av ...
, an "Active Directory Recycle Bin" was added, which allows on-line restoration of accidentally-deleted AD objects. Its functionality is reminiscent of Windows' own
Recycle Bin A recycling bin (or recycle bin) is a container used to hold recyclables before they are taken to recycling centers. Recycling bins exist in various sizes for use inside and outside homes, offices, and large public facilities. Separate cont ...
function.


See also

*
List of Microsoft Windows components The following is a list of Microsoft Windows computer program, components. Configuration and maintenance User interface Applications and utilities Windows Server components File systems Core components Services This list i ...


References


External links


Securing the DSRM Password

Restart the domain controller in Directory Services Restore Mode locally
Active Directory {{Windows-stub