http://msmvps.com/blogs/ad/archive/2008/10/21/restartable-ad-ds-and-dsrm-logon-behaviors.aspxEver since Windows 2000&#39;s implementation of Active Directory (AD) we have had a method to restore AD objects that were removed. Although it hasn&rsquo;t been as easy as hitting CTRL-Z to undo a mistakenly deleted object or to try to restore from theenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/ad/archive/2008/10/21/restartable-ad-ds-and-dsrm-logon-behaviors.aspx#1666442Tue, 27 Jan 2009 19:23:15 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1666442grinder<p>On <a rel="nofollow" target="_new" href="http://technet.microsoft.com/en-us/library/cc732714.aspx">technet.microsoft.com/.../cc732714.aspx</a> another options for DSRMAdminLogonBehavior</p> <p>0 (default for Windows Server 2008) - The DSRM Administrator account cannot be used to log on.</p> <p>You can only log on to the domain controller with a domain account. This requires an additional domain controller to authenticate the request and working connectivity, name resolution, authentication, and authorization between the local domain controller and the authenticating domain controller.</p> <p>1 - The DSRM Administrator account can be used to log on only when the AD DS service is stopped.</p> <p>This value can improve functionality by allowing more options for logging on to a domain controller. However, keep in mind that the DSRM Administrator account password is not checked against any password policy.</p> <p>You might change the entry to this value in a domain that has a single domain controller, or on a domain controller that is on an isolated network, or on one that points to itself or other offline domain controllers exclusively for name resolution.</p> <p>2 - The DSRM Administrator account can be used to log on at any time. Using this value is not recommended because the DSRM Administrator account password is not checked against any password policy.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1666442" width="1" height="1">http://msmvps.com/blogs/ad/archive/2008/10/21/restartable-ad-ds-and-dsrm-logon-behaviors.aspx#1666438Tue, 27 Jan 2009 18:58:10 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1666438grinder<p>Very thanks for Instructions.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1666438" width="1" height="1">http://msmvps.com/blogs/ad/archive/2008/10/21/restartable-ad-ds-and-dsrm-logon-behaviors.aspx#1651668Wed, 22 Oct 2008 20:49:29 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1651668BrianM<p>That is what I get for posting way to early in the morning for me. &nbsp;:)</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1651668" width="1" height="1">http://msmvps.com/blogs/ad/archive/2008/10/21/restartable-ad-ds-and-dsrm-logon-behaviors.aspx#1651663Wed, 22 Oct 2008 19:41:48 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1651663GrammarGuy<p>Nice post - but please check your spelling and grammar before you post.</p> <p>Examples from your post above:</p> <p>...where removed. &nbsp;(were)</p> <p>Although it hasn’t been as easy as hitting CTRL-Z to undo a mistakenly deleted object or to try to restore from the Recycle Bin. (Poor sentence structure).</p> <p>...now functions as service. (as a service)</p> <p>...in a norm state. (normal)</p> <p>Value 0 had to big of an impact (too)</p> <p>...a little to liberal for my likings (too)</p> <p>...when you want to all the DRSM (allow)</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1651663" width="1" height="1">