DSRM (Directory Services Restore Mode)
DSRM stands for Directory Services Restore Mode. Every DC has a local administrator account named "Administrator" whose password is the DSRM password. The DSRM password (SafeModePassword) is required when a server is promoted to Domain Controller, and it is rarely changed afterwards. After altering the configuration on the DC, it is possible to pass the NTLM hash of this user to access the DC.
Execution
Dumping the SAM database
Requirements before you can pass the hash