New SAM file - win2k Active Directory database file ntds.dit

  

In the Windows 2000 operating system, to meet the needs of enterprises and extend the network management functions of Windows, Microsoft developed a new type of directory service, Active Directory. An Active Directory domain holds the objects for all of the domain's resources and user information, the domain's policies, and other important domain service information. Active Directory stores its data in a completely different way from the original NT system.
Windows 2000 Active Directory data is actually stored in a database file, %SystemRoot%\NTDS\ntds.dit (the location can be chosen at installation time, but the file must reside on an NTFS partition). The ntds.dit file is the core of the entire Active Directory and contains, among other things, the user account information. The Active Directory database engine is the Extensible Storage Engine (ESE); Exchange and WINS are also built on this engine. An ESE database can hold up to 16 terabytes and as many as 10 million objects, and only the Active Directory database can hold this much information (according to Microsoft's published material).

The Active Directory ESE database *ntds.dit* contains the following tables:

Schema table
This table contains all the object types that can be created in Active Directory and the relationships between them, including the optional and mandatory attributes of each object type. It is the smallest table in the Active Directory database, but also the most fundamental.

Link table
The link table contains the associations between attributes, including the attribute values of all objects in Active Directory. The attributes of a user object, including the value of each attribute and the groups the user belongs to, belong to this table. It is larger than the Schema table but smaller than the Data table.

Data table
Users, groups, application-specific data and all other Active Directory data are stored in the Data table. It is the largest table in Active Directory, and the bulk of the directory data is actually stored here.

Looked at another way, Active Directory holds three different types of data:

Schema information
Details of all the object types and attributes that can be created and stored in Active Directory. For example, you can create a new user or contact because Active Directory has this object type predefined in its schema. Schema information is present on all primary domain controllers. It is static information generated during Active Directory installation and cannot be changed.

Configuration information
All configuration information about the domain or domain tree to which the domain controller belongs. All primary domain controllers replicate this information to each other, but it is static for a domain forest and cannot be modified once configured.

Domain information
Information about all objects in the domain. It is replicated to all domain controllers within the domain. Even when some of the objects are global in scope, their attribute values are still only replicated within the domain.

After Windows 2000 is upgraded to a domain controller by installing Active Directory, startup is much slower than before, because Windows 2000 must load Active Directory and initialize the Active Directory objects during boot. Over time, the large number of operations on Active Directory makes its database file grow, which makes Windows 2000 start slower and slower. Windows does, however, provide a tool to compact the Active Directory database.

Steps for compacting Active Directory

* Restart the computer.
When the boot menu appears, press the F8 key to open the Windows 2000 Advanced Options menu.
Select "Directory Services Restore Mode" and press Enter to start the computer in recovery mode.
Why restart? ntds.dit is locked while Active Directory is running, and you cannot read or write the file, so the computer must be restarted into a mode that does not start Active Directory.

* When the logon prompt appears, log in with the local administrator account. The password is not the administrator password stored in Active Directory, but the administrator password used before Active Directory was installed, which is stored in the SAM file.

* After logging in, open a command prompt and start the management tool ntdsutil. The following is my Active Directory compaction session:
c:\>ntdsutil
ntdsutil: files
file maintenance: info (view drive information)

Drive information:
c:\ FAT32 (fixed drive), free (2.9Gb) total (3.8Gb)
d:\ NTFS (fixed drive), free (2.5Gb) total (5.8Gb)
e:\ FAT32 (fixed drive), free (1.2Gb) total (9.2Gb)

DS path information:
Database: D:\WINNT\NTDS\ntds.dit - 8.1MB
Backup directory: D:\WINNT\NTDS\DSADATA.BAK
Working directory: D:\WINNT\NTDS
Log directory: D:\WINNT\NTDS - 30MB
RES2.LOG - 10.0MB
RES1.LOG - 10.0MB
EDB.LOG - 10.0MB

file maintenance: compact to "c:\mytest"

Opening database [current].
Creating directory: c:\mytest
Using temporary path: e:\
Executing command: d:\winnt\system32\esentutl.exe /d"d:\winnt\ntds\ntds.dit" /8 /o /l"d:\winnt\ntds" /s"d:\winnt\ntds" /t"c:\mytest\ntds.dit" /!10240 /p

Initiating DEFRAGMENTATION mode...
Database: d:\winnt\ntds\ntds.dit
Log files: d:\winnt\ntds
System files: d:\winnt\ntds
Temp. database: c:\mytest\ntds.dit

At this point, the system begins creating the compacted database file. When it has finished, exit ntdsutil:
file maintenance: quit
ntdsutil: quit

When the compaction completes, the compacted database file ntds.dit is in the c:\mytest directory. Overwrite the old file with it, and the Active Directory database compaction is complete. Reboot and check that everything works. If you are not fully sure, back up the original ntds.dit before overwriting it.

Since ntds.dit is the core of the entire Active Directory, you must take care to protect this file and back it up frequently. If it is corrupted or deleted (rare, but possible), make sure you can recover from a backup; it is important for an administrator to develop the habit of regular backups.
Besides the compaction method described above, the Active Directory database can be backed up with the backup tool in the Windows 2000 system tools.
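As an added example (not the article's own), this batch script wraps the compaction steps above with the backup this section recommends and an integrity check before rebooting. It assumes the machine is already in Directory Services Restore Mode, the article's paths (D:\WINNT\NTDS, c:\mytest), a constructed backup directory C:\ntdsbak, and that ntdsutil accepts its commands as command-line arguments and sets a non-zero exit code when the integrity check fails.

```batch
@echo off
REM Added example, not from the original article: safe offline compaction of ntds.dit.
REM Assumptions: booted into Directory Services Restore Mode; paths match the article's
REM session; C:\ntdsbak is a constructed backup location; ntdsutil accepts its commands
REM as arguments and returns a non-zero exit code on a failed integrity check.
setlocal
set NTDS_DIR=D:\WINNT\NTDS
set COMPACT_DIR=C:\mytest
set BACKUP_DIR=C:\ntdsbak

REM 1. Keep a copy of the database and its log files before touching anything.
if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"
copy /y "%NTDS_DIR%\ntds.dit" "%BACKUP_DIR%\" >nul || goto fail_backup
copy /y "%NTDS_DIR%\*.log" "%BACKUP_DIR%\" >nul

REM 2. Compact into a separate directory; the live file is left untouched (esentutl /p).
if not exist "%COMPACT_DIR%" mkdir "%COMPACT_DIR%"
ntdsutil "files" "compact to %COMPACT_DIR%" "quit" "quit"
if not exist "%COMPACT_DIR%\ntds.dit" goto fail_compact

REM 3. Replace the live copy and remove the old transaction logs: they belong to the
REM    pre-compaction database and must not be replayed against the new file.
copy /y "%COMPACT_DIR%\ntds.dit" "%NTDS_DIR%\ntds.dit" >nul || goto fail_copy
del /q "%NTDS_DIR%\*.log"

REM 4. Verify the new database before rebooting into normal mode.
ntdsutil "files" "integrity" "quit" "quit"
if errorlevel 1 goto fail_integrity
echo Compaction complete. Backup kept in %BACKUP_DIR%. Reboot normally.
goto :eof

:fail_integrity
echo Integrity check failed; restoring the pre-compaction database and logs.
copy /y "%BACKUP_DIR%\ntds.dit" "%NTDS_DIR%\ntds.dit" >nul
copy /y "%BACKUP_DIR%\*.log" "%NTDS_DIR%\" >nul
exit /b 1
:fail_backup
echo Could not back up ntds.dit (is the directory service still running?). & exit /b 1
:fail_compact
echo Compaction did not produce %COMPACT_DIR%\ntds.dit; original left untouched. & exit /b 1
:fail_copy
echo Could not overwrite %NTDS_DIR%\ntds.dit; backup is in %BACKUP_DIR%. & exit /b 1
```

The script never deletes the backup; remove C:\ntdsbak only after the domain controller has rebooted normally and replication has been confirmed.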


Recovering the administrator password after Active Directory is installed
Unlike earlier NT systems, Windows 2000 with Active Directory installed stores user information in the Active Directory database file ntds.dit; the Security Account Manager (SAM) is no longer used. Therefore, most methods for cracking SAM files have almost no effect. By comparison, recovering the Active Directory administrator password is much less expensive.

Commonly used cracking methods

1. Delete the SAM file
2. Use a cracking tool such as Petter Nordahl-Hagen's chntpw
3. Use L0phtCrack for password guessing
4. Recover using the backup disk
5. Reinstall NT, and stop and exit the installation after setting the administrator password
6. Exploit system vulnerabilities
7. Other solutions

Of these commonly used recovery methods, the first five are almost all aimed at the SAM file; although you can modify the password in the SAM, that is of no use at all for Active Directory. So far there is no cracking tool for the Active Directory database ntds.dit (at least I have not seen one), so the administrator password of a system with Active Directory installed can only be recovered through system vulnerabilities or other methods. There are many ways to use the same vulnerability, but the system must have a vulnerability that yields administrator privileges, such as the local input method vulnerability in Chinese Windows 2000. Since the main problem with the input method vulnerability is the help function of the input method, if there is no input method vulnerability, a similar one can be created artificially: permissions can be obtained by replacing a program that the system starts but does not require with another program that can open help files. For example, the logon.scr program loaded when Windows 2000 starts is swapped with another program that can open help files, or even explorer.exe. Many articles have already described this in detail, so there is no need to say more here.



Copyright © Windows knowledge All Rights Reserved