Is there a tool to open and view the information in the ntds.dit Active Directory file?

Posted on 2007-07-20
Last Modified: 2013-12-05
Is there a tool to open and view the information in the ntds.dit Active Directory file?  I had a server die without a decent backup. It's few enough users that I'm fairly comfortable recreating it from scratch, but I'd like to look at the user accounts, shares, etc.


Question by:Jeffesmi
    LVL 31

    Expert Comment

    by:Toni Uranjek

    Unfortunately for you, the answer is no. This is the AD database file and it's encrypted. You have to have a working DC to access information within this file.

    LVL 2

    Author Comment

    Really?  No hack tools or such to allow me access to the data?  I thought you could crack open the security files on a server and hack the usernames and passwords.  I've never done it, but I thought one of the concerns with physical access to the machine was that a hacker could get the security files and do a dictionary hack against the user accounts.

    In real life, I just spent the last dozen hours or so building the new server from scratch, creating the user accounts, backing up the users' profiles with the "files and settings transfer wizard," removing them from the domain and then re-establishing their connection to the domain.  Is there an easier way to have done this in a situation like this, or was my method about as good as any?


    Jeffery Smith
    LVL 31

    Accepted Solution

    Yes, really. AFAIK, none of the top ten password cracking utilities has the ability to mount ntds.dit. They all work against local user accounts or have the ability to sniff passwords from the network. The point of physical security is to prevent a hacker from resetting the domain admin password. Dictionary attacks against user accounts can be performed through the network. Actually, hackers rarely attack domain controllers, because it's easier to sniff information (a password or hash) from the network or even from a stolen laptop.

    In real life, you need two domain controllers for redundancy and daily (or let's just say regular) backup.

    Leave the question open; maybe someone else will come up with the information you need, although I will be very surprised if anyone comes up with an easy solution for your problem.
    LVL 51

    Assisted Solution

    Download the Beta of Server 2008.  You can mount offline AD databases.

    You may have to figure it out since it wasn't created on 2008, but it should work.
    LVL 2

    Author Comment

    Thanks to both of you.  I didn't realize that it was that hard to hack a domain .dit file.  The other thing I'd be curious about is whether I can open the registry files for the crashed server, as we have an application that isn't behaving, and I'm pretty sure it is a missing registry entry. I'll post that on another thread though, as you both should get some thanks, so I'm splitting the points.  I haven't downloaded the Beta of Server 2008 yet, but I'll dig up a machine to load it on and see what I think.  At this point, everything is curiosity and for future reference, as I'm sure this isn't the only small client I will run into that loses their only domain controller.  Luckily, I recovered the data.  They are up and running now; I just have some tweaking left to do.

    Best Wishes,

    Jeffery Smith
