Contact me
   My PGP Key

ADDumper - v0.1 (alpha)

ADDumper is an offline Active Directory data dumper.
I am still working on this tool so there are probably lots of bugs. Anyway, I already find it useful.

How to use:
- Reboot a domain controller in Directory Restore mode.
- Backup NTDS.DIT.
- Run ADDumper.
- Delete all LOG, EDB and CHK files from the %SYSTEMROOT%\NTDS folder. If you used the %SYSTEMROOT%\NTDS folder as your temporary folder then the tool cleaned up all these files for you.

- DataTable - the goods
- Link_Table - ???
- HiddenTable - ???
- SDPropTable - ???
- MSysDefrag1 - ???

- datatable_2000_map.txt - Some interesting fields in the Windows 2000 AD structure.
- datatable_2000_small_map.txt - Same as above but lots of empty fields removed.
- generic_map.txt - No table specific columns are defined here, can be used to probe unknown structures.

- Generally you do not need to run this tool on the domain controller. You can just copy the ntds.dit file to another machine and run it from there by specifying the database path in the parameters. This works very well with Windows 2000 database, you can even copy your own esent.dll file with the ntds.dit file and it should work. I was unable to open Windows 2003 databases from my XP workstation this way but other OS combinations might work.
- Make sure you specify the proper map file. If uncertain use the generic map file.
- I noticed that in certain rare cases the ntds.dit file gets corrupted and the tool is unable to open it afterwards. Restore from your backup in this case and try again, it might work.

Related links:

Download here.

Support forum here.
Sitemap generated by Sitemap Manager