You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a question about RODC’s NTDS.dit file. It seems that it is been built differently as the NTDS on writable DC.
So, my purpose was to demonstrate to my collegues in lab, that it is impossible to stolen non-cached user passwords from the RODC. I tried to read pwd hashes from NTDS file extracted from a RODC. I’ve pre-populated my RODC by some user passwords, but $key = Get-BootKey -SystemHivePath ‘d:\SHARE\SYSTEM’
Get-ADDBAccount -all -DBPath ‘d:\share\ntds.dit’ -BootKey $key -Verbose
does not generate any output. The ADUC snap-in says some password are replicated to the RODC. I pushed the replication of those passwords from repadmin too. When I specify a NTDS file from writable DC in the same domain, it shows me NT hashes of all accounts.
Have tried 2012 R2 and 2016 domains. What may be a reason?
The text was updated successfully, but these errors were encountered:
Message from Eugen:
I have a question about RODC’s NTDS.dit file. It seems that it is been built differently as the NTDS on writable DC.
So, my purpose was to demonstrate to my collegues in lab, that it is impossible to stolen non-cached user passwords from the RODC. I tried to read pwd hashes from NTDS file extracted from a RODC. I’ve pre-populated my RODC by some user passwords, but $key = Get-BootKey -SystemHivePath ‘d:\SHARE\SYSTEM’
Get-ADDBAccount -all -DBPath ‘d:\share\ntds.dit’ -BootKey $key -Verbose
does not generate any output. The ADUC snap-in says some password are replicated to the RODC. I pushed the replication of those passwords from repadmin too. When I specify a NTDS file from writable DC in the same domain, it shows me NT hashes of all accounts.
Have tried 2012 R2 and 2016 domains. What may be a reason?
The text was updated successfully, but these errors were encountered: