Change Recovery Console Administrator Password on a Domain Controller
How can I change the Recovery Console Administrator password on a Domain Controller?
When you promote a Windows 2000 Server-based computer to a domain controller, you are prompted to type a Directory Service Restore Mode Administrator password. This password is also used by Recovery Console, and is separate from the Administrator password that is stored in Active Directory after a completed promotion.
The Administrator password that you use when you start Recovery Console or when you press F8 to start Directory Service Restore Mode is stored in the registry-based Security Accounts Manager (SAM) on the local computer. The SAM is located in the %SystemRoot%\System32\Config folder. The SAM-based account and password are computer specific and they are not replicated to other domain controllers in the domain.
For ease of administration of domain controllers or for additional security measures, you can change the Administrator password for the local SAM. To change the local Administrator password that you use when you start Recovery Console or when you start Directory Service Restore Mode, use one of the following methods:
If Windows 2000 Service Pack 2 or later is installed on your computer, you can use the Setpwd.exe utility to change the SAM-based Administrator password. To do this:
At a command prompt, change to the %SystemRoot%\System32 folder.
To change the local SAM-based Administrator password, type
and then press ENTER.
To change the SAM-based Administrator password on a remote domain controller, type
setpwd /s: servername
and then press ENTER, where servername is the name of the remote domain controller.
When you are prompted to type the password for the Directory Service Restore Mode Administrator account, type the new password that you want to use.
Note: If you make a mistake, repeat these steps to run setpwd again.
Shut down the domain controller on which you want to change the password.
Restart the computer. When the selection menu screen is displayed during the restart process, press F8 to view advanced startup options.
Select the Directory Service Restore Mode option.
After you successfully log on, use one of the following methods to change the local Administrator password:
At a command prompt, type the following command:
net user administrator *
Use the Local User and Groups snap-in (Lusrmgr.msc) to change the Administrator password.
Shut down and restart the computer.
You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.
The Configure Your Server Wizard Sets Blank Recovery Mode Password – 271641
How to Change the Recovery Console Administrator Password on a Domain Controller – 239803
Protection of the Administrator Account in the Offline SAM – 223301
More in Active Directory
How to fix the "An Active Directory Domain Controller for the Domain Could Not Be Contacted" Error
Jun 20, 2022 | Michael Reinders
How to Delete a Protected OU in Active Directory
Jun 8, 2022 | Michael Reinders
Learn How Organizations Are Using Semperis Purple Knight to Secure Active Directory
Jun 7, 2022 | Russell Smith
Microsoft Announces Entra, A New Identity and Access Management Suite
May 31, 2022 | Rabia Noureen
Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues
May 20, 2022 | Rabia Noureen
Cloud Conversations – Ståle Hansen on Digital Wellbeing and Viva Explorers
May 19, 2022 | Laurent Giret
Most popular on petri