The Ntds.dit file is a database that stores Active Directory data, including information about user objects, groups, and group membership. It includes the password hashes for all users in the domain.
By extracting these hashes, it is possible to use tools such as Mimikatz to perform pass-the-hash attacks, or tools like Hashcat to crack these passwords. The extraction and cracking of these passwords can be performed offline, so they will be undetectable. Once an attacker has extracted these hashes, they are able to act as any user on the domain, including Domain Administrators.
https://www.ultimatewindowssecurity.com/blog/default.aspx?d=10/2017
NTLM user authentication
User records are stored in the security accounts manager (SAM) database or in the Active Directory database. Each user account is associated with two passwords: the LAN Manager-compatible password and the Windows password. Each password is encrypted and stored in the SAM database or in the Active Directory database.
Domain controllers store passwords for domain accounts in ntds.dit not the SAM file.
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.312-49 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
giangvd
11 months, 2 weeks agostickerbush1970
1 year, 4 months agostickerbush1970
1 year, 5 months agoapetro76
1 year, 6 months ago