Is there a tool to open and view the information in the ntdis.dit active directory file?

Is there a tool to open and view the information in the ntdis.dit active directory file?  I had a server die without a decent backup. It's few enough users that I'm fairly comfortable recreating it from scratch, but I'd like to look at the user accounts, shares, etc.


Who is Participating?
Toni UranjekConnect With a Mentor Consultant/TrainerCommented:
Yes, really. AFAIK, none of the top ten password cracking utilities has the ability to mount ntds.dit. They all work against local user accounts or have the ability to sniff passwords from network. The point of physical security is to prevent hacker to reset domain admin password. Dictionary attacks against user accounts can be performed through network. Actually hackers rarely attack domain controllers, because it's easier to sniff information (password or hash) from network or even from stolen laptop.

In real life, you need two domain controllers for redundancy and daily (or let's just say regular) backup.

Leave the question open, maybe someone else comes up with information you need, although I will be very suprised if anyone comes up with easy solution for your problem.
Toni UranjekConsultant/TrainerCommented:

Unfortunately for you, the answer is no. This is AD database file and it's encrypted. You have to have working DC to access information within this file.

JeffesmiAuthor Commented:
Really?  No hack tools or such to allow me access to the data?  I thought you could crack open the security files on a server and hack the usernames and passwords.  I've never done it, but I thought one of the concers with physical access to the machine was that a hacker could get the security files and do a dictionary hack against the user accounts.

In real life, I just spent the last dozen hours or so buiding the new server from scratch, creating the user accounts, backing up the users profiles with the "files and settings transfer wizard," removing them from the domain and then re-establishing their connection to the domain.  Is there an easier way to have done this in a situation like this, or was my method about as good as any?


Jeffery Smith
Netman66Connect With a Mentor Commented:
Download the Beta of Server 2008.  You can mount offline AD databases.

You may have to figure it out since it wasn't created on 2008, but it should work.
JeffesmiAuthor Commented:
Thanks to both of you.  I didn't realize that it was that hard to hack a domain .dit file.  The other thing I'd be curious about is whether I can open the registry files for the crashed server as we have an application that isn't behaving, and I'm pretty sure it is a missing registry entry. I'll post that on another thread though as you both should get some thanks, so I'm splitting the points.  I haven't downloaded the Beta of Server 2008 yet, but I'll dig up a machine to load it on and see what I think.  At this point, everything is curiousity and for future reference as I'm sure this isn't the only small client I will run into that looses their only domain controller.  Luckily, I recovered the data.  They are up and running now, I just have some tweaking left to do.

Best Wishes,

Jeffery Smith
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.