Directory Services Restore Mode
   HOME

TheInfoList



Click Here for Items Related To - Directory Services Restore Mode
OR:
Directory Services Restore Mode on:   [Wikipedia]   [Google]   [Amazon]

Directory Services Restore Mode (DSRM) is a function on
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Direct ...
Domain Controllers to take the server offline for emergency maintenance, particularly restoring backups of AD objects. It is accessed on
Windows Server Windows Server (formerly Windows NT Server) is a brand name for Server (computing), server-oriented releases of the Windows NT operating system (OS) that have been developed by Microsoft since 1993. The first release under this brand name i ...
via the advanced startup menu, similarly to
safe mode Safe mode is a diagnosis, diagnostic mode of a computer operating system (OS). It can also refer to a mode of operation by application software. ''Safe mode'' is intended to help fix most, if not all, problems within an operating system. It is a ...
.


Password

In Windows 2000, the DSRM password is typically created as a
null Null may refer to: Science, technology, and mathematics Astronomy *Nuller, an optical tool using interferometry to block certain sources of light Computing *Null (SQL) (or NULL), a special marker and keyword in SQL indicating that a data value do ...
value (blank), which is also the
Recovery Console The Recovery Console is a feature of the Windows 2000, Windows XP and Windows Server 2003 operating systems. It provides the means for administrators to perform a limited range of tasks using a command-line interface. Its primary function is to ...
password. Starting with Windows Server 2003, a DSRM password must be defined when the domain controller is promoted. Anyone with the password who has access to the domain controller can reboot the machine, copy and modify the Active Directory database, and reboot the server without leaving any trace of the activity. DSRM password changes cannot be scripted, but can be accomplished manually through the command line; DSRM passwords can also be automatically changed and audited using Privileged Identity Management software.


Alternatives

On
Windows Server 2008 R2 Windows Server 2008 R2, codenamed "Windows Server 7" or "Windows Server 2008 Release 2", is the eighth major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server brand name. It was release ...
, an "Active Directory Recycle Bin" was added, which allows on-line restoration of accidentally-deleted AD objects. Its functionality is reminiscent of Windows' own
Recycle Bin A recycling bin (or recycle bin) is a container used to hold recyclables before they are taken to recycling centers. Recycling bins exist in various sizes for use inside and outside of homes, offices, and large public facilities. Separate conta ...
function.


See also

*
List of Microsoft Windows components The following is a list of Microsoft Windows components. Configuration and maintenance User interface Applications and utilities Windows Server components File systems Core components Services This list is not all-inclusiv ...


References


External links


Securing the DSRM Password

Restart the domain controller in Directory Services Restore Mode locally
Active Directory {{Windows-stub