William Harper

Its Genuine. I don’t know how to do it. As far as I'm aware (have done lots of searching the net) there is no documented method of doing it. The NTDS.DIT is highly protected (perhaps it's security through obscurity, but none the less, the structure is encrypted and propriety to M$). So the best way I can guess would be to get the AD restored to a working Domain Controller then use standard tools like SAMDUMP, FGDUMP, and the AD DC Administrator password reset trick http://www.petri.co.il/reset_domain_admin_...ver_2003_ad.htm The problem is that you cant restore the AD alone from a System State. The NTBackup tool forces you to restore all the dll's and other system stuff at the same time, which usually kills the destination system because the hardware is different. If anyone is going to play with this, it would be beneficial to everyone else if they could use some form of Virtual environment (VMWare Server(free) etc), so we can easily reproduce the results. Cheers, Will

Challenge to anyone to demonstrate how to recover AD usernames & passwords from a Windows 2003 active directory domain controller system state backup (eg. Out of the ntds.dit and/or associated files) Assume: 1) You don’t have access to the original hardware where the backup was performed. 2) The NTBackup is not password protected. 3) You can get the SYSKEY from the system hive in the backup (using any of the many available tools such as (OPHCrack, LCP, Advanced/Elcomsoft)) Regards, William