RADPass is an offline Active Directory password remover.

How to use:
- Reboot a domain controller in Directory Services Restore Mode. If you do not know the recovery mode password, you can use the Offline NT Password & Registry Editor to reset it.
- Back up NTDS.DIT.
- Run RADPass.
- Delete all LOG, EDB and CHK files from the %SYSTEMROOT%\NTDS folder. If you used the %SYSTEMROOT%\NTDS folder as your temporary folder, the tool has already cleaned up these files for you.
- Perform an authoritative restore of the AD database if you have multiple domain controllers. This will replicate the change to the other controllers.
- Reboot the server. You should be able to log in without a password for the target username.

- Generally, you do not need to run this tool on the domain controller. You can just copy the ntds.dit file to another machine and run it from there by specifying the database path in the parameters. This works very well with Windows 2000 databases; you can even copy your own esent.dll file along with the ntds.dit file and it should work. I was unable to open Windows 2003 databases from my XP workstation this way, but other OS combinations might work.
- Make sure you specify the proper OS version of the ntds.dit file; the tool doesn't attempt to guess it.
- I noticed that in certain rare cases the ntds.dit file gets corrupted and the tool is unable to open it afterwards. Restore from your backup in this case and try again; it might work.

Related links:
Offline NT Password & Registry Editor
Unlocking Windows NT/2000 Domain Controllers.

