I'm using Windows 2012 R2 with Active Directory.
One of my DC has had hardware failure. I'd like to promote another server as a DC, but reading online it looks like I need the DSRM password to do so. I did not set up the domain controller and can't find the password written down anywhere. When I try to reset the password on the server while logged in as a Domain Admin, I get the error 0xa90. Google hasn't been much of a help, so hoping someone here knows what to do.
I've already removed the dead DC manually from Active Directory, thinking that might be causing the issue.
C:>Ntdsutil
Ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server null
Please type password for DS Restore Mode Administrator Account: ********
Please confirm new password: ********
Setting password failed.
WIN32 Error Code: 0xa90
Error Message: (null)
The DSRM password you are attempting to set has nothing to do with the DSRM password you need to enter when promoting the new domain controller.
If you want the DSRM password to be the same on your domain controllers, create a disabled account, set the password on the account, and use the following command in a shutdown script on your domain controllers:
https://blogs.technet.microsoft.com/askds/2009/03/11/ds-restore-mode-password-maintenance/
You don't need to do anything with the DSRM password for the old DC. When you promote a member server to a DC you are setting the DSRM password for the new DC. Each DC has it's own DSRM password.