System State Restore

How to Boot a Windows Server 2003 DC into Directory Services Restore Mode (DSRM)

Posted on April 11, 2015 Updated on April 15, 2026

There are times when Active Directory becomes unstable, or you need to perform a “System State” restore. To do this, you must take the Domain Controller offline by booting into Directory Services Restore Mode (DSRM).

In this mode, the server stops functioning as a DC and instead functions as a standalone member server, allowing you to manipulate the AD database files (ntds.dit) while they aren’t in use.

⚠️ The Golden Rule of DSRM: The Password

When you boot into DSRM, Active Directory is not running. This means you cannot log in with your Domain Admin credentials.

You must use the Local Administrator account, and the password is the unique DSRM Password that was set years ago when the server was first promoted to a Domain Controller (via dcpromo).

Tip: If you’ve forgotten this password but the server is still currently running as a DC, you can reset it before rebooting using the setdsrmpassword command in ntdsutil.

Step-by-Step: Booting into DSRM Locally

If you have physical access (or console access via iDRAC/iLO/vCenter) to the machine, follow these steps:

Initiate a Restart: Restart the Domain Controller as you normally would.
The F8 Menu: As soon as the BIOS screen disappears and the Operating System selection menu appears, start tapping the F8 key.
Advanced Options: You will be presented with the Windows Advanced Options Menu. Use the arrow keys to select Directory Services Restore Mode (Windows domain controllers only) and press Enter.
Login: Once the Windows login screen appears, log on as the Local Administrator using that specific DSRM password.

What happens in this mode?

The NTDS service is stopped.
The server does not respond to authentication requests from users.
The local SAM (Security Accounts Manager) database handles authentication.
You can now run ntdsutil or backup software to perform database maintenance or restores.

#ActiveDirectory #DSRM #SysAdmin #WindowsServer #ITPro #TechSupport #ServerAdmin #LazyAdmin #Troubleshooting #LegacyIT

This entry was posted in Active Directory, Windows and tagged Active Directory, Domain Controller, DSRM, ntdsutil, SysAdmin Basics, System State Restore, Troubleshooting, Windows Server 2003.