I just posted the following question and this response was very helpful...
Now that I understand this info, I have follow up questions related to the data within the AD files.
We have a group policy defined to remember the last 5 passwords that a user uses so they do not reuse it. Guessing password details are maintained in the AD data. Specifically stuff like date the password was last changed and history of the last 5 passwords.
Presuming this is the case...
(1) Is there a utility we could use to view the contents of the AD data file?
(2) Or how can we connect to NTDS.DIT via MS SQL?