sara2000
asked on
DSRM password
Expert team out there. We have several DCs in the forest and I am going to promote another server to be an DC.
I do not remember the DSRM password of the DCs. Is DSRM password should be same on all DC? Do i need to know the DSRM to promote?
I do not remember the DSRM password of the DCs. Is DSRM password should be same on all DC? Do i need to know the DSRM to promote?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In order to start DC in DRSM mode, you need console access to domain controller, if malicious user have console access and if he knows the DSRM password, he can logon to DC with DSRM, restore AD data etc
To avoid this situation, set complex DSRM password not used so far and keep it physically secured location
To avoid this situation, set complex DSRM password not used so far and keep it physically secured location
Glad we could help.
Please remember to endorse my, or any other expert's comments that you found helpful by clicking on the "Thumb's Up" button
Please remember to endorse my, or any other expert's comments that you found helpful by clicking on the "Thumb's Up" button
ASKER