
Is there a tool to open and view the information in the ntds.dit Active Directory file?

Medium Priority
Last Modified: 2013-12-05
Is there a tool to open and view the information in the ntds.dit Active Directory file? I had a server die without a decent backup. It's few enough users that I'm fairly comfortable recreating it from scratch, but I'd like to look at the user accounts, shares, etc.



Toni Uranjek, Consultant/Trainer


Unfortunately for you, the answer is no. This is the AD database file and it's encrypted. You have to have a working DC to access the information within this file.



Really? No hack tools or such to allow me access to the data? I thought you could crack open the security files on a server and hack the usernames and passwords. I've never done it, but I thought one of the concerns with physical access to the machine was that a hacker could get the security files and do a dictionary hack against the user accounts.

In real life, I just spent the last dozen hours or so building the new server from scratch, creating the user accounts, backing up the users' profiles with the "files and settings transfer wizard," removing them from the domain and then re-establishing their connection to the domain. Is there an easier way to have done this in a situation like this, or was my method about as good as any?


Jeffery Smith
Yes, really. AFAIK, none of the top ten password cracking utilities has the ability to mount ntds.dit. They all work against local user accounts or have the ability to sniff passwords from the network. The point of physical security is to prevent a hacker from resetting the domain admin password. Dictionary attacks against user accounts can be performed through the network. Actually, hackers rarely attack domain controllers, because it's easier to sniff information (password or hash) from the network or even from a stolen laptop.

In real life, you need two domain controllers for redundancy and daily (or let's just say regular) backup.

Leave the question open; maybe someone else will come up with the information you need, although I will be very surprised if anyone comes up with an easy solution for your problem.

Top Expert 2005
Download the Beta of Server 2008.  You can mount offline AD databases.

You may have to figure it out since it wasn't created on 2008, but it should work.



Thanks to both of you. I didn't realize that it was that hard to hack a domain .dit file. The other thing I'd be curious about is whether I can open the registry files for the crashed server, as we have an application that isn't behaving, and I'm pretty sure it is a missing registry entry. I'll post that on another thread though, as you both should get some thanks, so I'm splitting the points. I haven't downloaded the Beta of Server 2008 yet, but I'll dig up a machine to load it on and see what I think. At this point, everything is curiosity and for future reference, as I'm sure this isn't the only small client I will run into that loses their only domain controller. Luckily, I recovered the data. They are up and running now, I just have some tweaking left to do.

Best Wishes,

Jeffery Smith