Two seconds to Google "crack ntds.dit" makes me wonder if you searched at all. But to give you the benefit of the doubt, there is no reason not to run pwdump on the DC itself - schedule it for late at night after everyone has gone home if you are nervous. Watch it onsite or remotely, and if you run other services on it (especially Exchange), shut them down first to be certain that they are not going to be corrupted.
Only once have I seen pwdump blue screen a machine, and that was against a highly volatile (already) terminal server in one of my earliest jobs. With that in mind, just execute pwdump and see if it works.



