unable to mount ntds.dit in offline mode

[saighanasyam]

Hi,
The issue is not related to the tool itself but with mounting the ntds.dit file.

getting below error while trying to mount ntds.dit in offline mode:

The NTDS dump is coming from a Windows 2012 R2, and I've made a clean install + added the necessary requirements (AD LDS services and RSAT AD LDS). I made sure Active Directory Web Service (ADWS) is also running.
Any idea on what is possibly wrong here? I know the issue is not related to the tool, however any assistance from your end is greatly appreciated.

[cert-cwatch]

Hi @saighanasyam,

We have had the same problem for a while, and I think we've found a workaround.
Sometimes, the NTDS dump is corrupted, and you need to repair it.

In the C:\Windows\NTDS folder, you can find all sorts of file :

You can use them to repair your NTDS to a stable state :

• esentutl /r edb (Check if the 'edb' files are exploitable)
• esentutl /g ntds.dit (Check if the NTDS is corrupted)
• esentutl /p ntds.dit (Reconstruct the NTDS with the edb)

Here are more resources regarding this issue :
https://shulerent.com/2011/10/19/using-dsamain-to-browse-disconnected-ntds-dit/

Hope this help.