Directory Services Restore Mode: Difference between revisions
Content deleted Content added
mNo edit summary |
m →Alternatives: Adding web.archive.org links for citations with url-status=live Category:CS1_maint:_url-status |
||
| (25 intermediate revisions by 22 users not shown) | |||
| Line 1: | Line 1: | ||
{{More citations needed|date=June 2020}} |
|||
'''Directory Services Restore Mode''' (DSRM) is used on a [[Microsoft Windows]] [[Domain Controller]] to take the [[Active Directory]] on that machine offline. |
|||
'''Directory Services Restore Mode''' ('''DSRM''') is a function on [[Active Directory]] [[Domain Controller|Domain Controllers]] to take the server offline for emergency maintenance, particularly restoring backups of AD objects. It is accessed on [[Windows Server]] via the advanced startup menu, similarly to [[safe mode]]. |
|||
== |
== Password == |
||
| ⚫ | |||
| ⚫ | Anyone with the password who has access to the domain controller can reboot the machine, copy and modify the Active Directory database, and reboot the server without leaving any trace of the activity. DSRM password changes cannot be scripted, but can be accomplished manually through the command line; DSRM passwords can also be automatically changed and audited using [[Privileged Identity Management]] software.<ref>{{cite web |url= http://www.liebsoft.com/Directory_Services_Restore_Mode_Security/ |archive-url= https://archive.today/20130127210014/http://www.liebsoft.com/Directory_Services_Restore_Mode_Security/ |url-status= dead |archive-date= 2013-01-27 |title= Directory Services Restore Mode Security, Lieberman Software, accessed 7/12/2012 }}</ref> |
||
To boot into DSRM, the user can reboot the computer and press F8 during the start-up sequence. The following options will be displayed: |
|||
== Alternatives == |
|||
* Safe Mode |
|||
On [[Windows Server 2008 R2]], an "Active Directory Recycle Bin" was added, which allows on-line restoration of accidentally-deleted AD objects. Its functionality is reminiscent of Windows' own [[Trash (computing)|Recycle Bin]] function.<ref>{{Cite web|last=Thompson|first=Troy|date=2015-11-11|title=How To Enable the Active Directory Recycle Bin|url=https://redmondmag.com/articles/2015/11/11/enable-the-active-directory-recycle-bin.aspx|url-status=live|archive-url=https://web.archive.org/web/20190909215333/https://redmondmag.com/articles/2015/11/11/enable-the-active-directory-recycle-bin.aspx |archive-date=2019-09-09 |access-date=2020-10-10|website=Redmondmag|language=en-US}}</ref> |
|||
* VGA Mode |
|||
* Last Known Good Configuration |
|||
* Directory Services Restore Mode |
|||
| ⚫ | |||
The user must select Directory Services Restore Mode. |
|||
| ⚫ | |||
== Password == |
|||
| ⚫ | |||
| ⚫ | |||
== Partial Deprecation == |
|||
Microsoft Windows 2008 R2 Server has introduced a new Active Directory "Recycle Bin" feature, which works analogously to the well-known Windows recycle bin. [http://download.microsoft.com/download/f/2/1/f2146213-4ac0-4c50-b69a-12428ff0b077/Active_Directory_Windows_Server_2008_R2_Updates.pptx] Using the ADRB functionality allows on-line restoration of accidentally-deleted AD objects, alleviating the need to take a DC off-line for minor recovery tasks, e.g. to revive a few users or an OU. The new "AD Recycle Bin" facility is only available at the native 2008 R2 domain and forest levels or higher. |
|||
== References == |
== References == |
||
<references/> |
<references/> |
||
| ⚫ | |||
* [[Active Directory]] |
|||
| ⚫ | |||
== External links == |
== External links == |
||
* [http:// |
* [http://www.techrepublic.com/article/secure-the-dsrm-password/6071421 Securing the DSRM Password] |
||
* [ |
* [https://technet.microsoft.com/en-us/library/cc776568(v=ws.10).aspx Restart the domain controller in Directory Services Restore Mode locally] |
||
[[Category:Microsoft Windows]] |
|||
[[Category:Active Directory]] |
[[Category:Active Directory]] |
||
{{Windows-stub}} |
{{Windows-stub}} |
||
Latest revision as of 01:07, 7 February 2022
 | This article needs additional citations for verification. (June 2020) |
Directory Services Restore Mode (DSRM) is a function on Active Directory Domain Controllers to take the server offline for emergency maintenance, particularly restoring backups of AD objects. It is accessed on Windows Server via the advanced startup menu, similarly to safe mode.
Password
[edit]In Windows 2000, the DSRM password is typically created as a null value (blank), which is also the Recovery Console password. Starting with Windows Server 2003, a DSRM password must be defined when the domain controller is promoted.
Anyone with the password who has access to the domain controller can reboot the machine, copy and modify the Active Directory database, and reboot the server without leaving any trace of the activity. DSRM password changes cannot be scripted, but can be accomplished manually through the command line; DSRM passwords can also be automatically changed and audited using Privileged Identity Management software.[1]
Alternatives
[edit]On Windows Server 2008 R2, an "Active Directory Recycle Bin" was added, which allows on-line restoration of accidentally-deleted AD objects. Its functionality is reminiscent of Windows' own Recycle Bin function.[2]
See also
[edit]References
[edit]- ^ "Directory Services Restore Mode Security, Lieberman Software, accessed 7/12/2012". Archived from the original on 2013-01-27.
- ^ Thompson, Troy (2015-11-11). "How To Enable the Active Directory Recycle Bin". Redmondmag. Archived from the original on 2019-09-09. Retrieved 2020-10-10.
External links
[edit]
 | This Microsoft Windows article is a stub. You can help Wikipedia by expanding it. |