Accessing Directory Services Restore Mode Remotely

by Chris Sanders [Published on 25 Sept. 2008 / Last Updated on 25 Sept. 2008]

Directory Services Restore Mode can be accessed remotely using some unique procedures. Here we look at how this is done.

Active Directory corruption is never a good thing. The only thing that can make this worse is when it happens on a domain controller that is located in a remote location and nobody is close enough to do anything about it.

Whenever you experience this scenario, the typical response would be to reboot the server in directory services restore mode and use the ntdsutil tool to check the integrity of Active Directory on the server. The problem with the server being in a remote location is that you cannot reboot the computer and press the F8 key in order to boot into directory services restore mode, and you obviously cannot do this without being directly in front of the server.

The best technique to use in this situation is to modify the boot.ini file to access DSRM remotely. In order to do this, all you need to do is add /SAFEBOOT:DSREPAIR to the end of the boot.ini file. If you do this, the server will automatically reboot into the proper mode so that you can access it via terminal services and run ntdsutil. Just remember, that after running dsutil you will want to remove that line from boot.ini to boot back into normal mode.


See Also

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

Featured Links