# Active Directory backup
As part of an internal penetration test, or as a standalone exercise, 7 Minute Security may ask you for an Active Directory backup to use in a password cracking exercise. 7 Minute Security can extract this backup using a number of penetration testing tools, but because those tools occasionally cause stability issues, we prefer to do this "the Microsoft way" with ntdsutil.exe, a built-in Windows system utility that Microsoft describes as follows:
> Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators.
To create an Active Directory backup using ntdsutil.exe:

1. While logged into a domain controller, open a command prompt window.
2. In the command prompt window, type:

   ```
   ntdsutil "ac i ntds" "ifm" "create full c:\dcbackup" q q
   ```

   This will create an Active Directory backup in a folder called `C:\dcbackup`.
3. In Windows Explorer, browse to `C:\` and then create an encrypted zip file of the `C:\dcbackup` folder using a utility such as 7-Zip. Ensure the password is a complex, random password of 15 or more characters, created with a generator such as this one. Send the password via text to 7 Minute Security (number to be provided by 7 Minute Security).
4. Transfer the .zip file itself to 7 Minute Security using a mutually agreed upon secure file transfer method.
5. Delete the `C:\dcbackup` folder once 7 Minute Security has confirmed receipt of the encrypted .zip file.