[foofus-tools] pwdump6

Keith Morrell keith.morrell at optusnet.com.au
Wed May 19 14:13:40 PDT 2010

Hey, thanks! Sounds great...I'd be keen to get a beta copy and give it a try for you.

But I was wondering (not that I know much about AD internals) how you would pull in the accounts from the registry? I thought all the info would be in the NTDS\dit file?

Also, I'm not worried if it takes a few hours to run, just that it completes AND produces some output...and I was wondering if there is any size limit "built-in" that would prevent it working (some array limit or some such "programmer" type limit?)

As it stands now, it takes maybe 3-4 hours and looks to have completed...but no output.

As Thomas mentioned, a setting could be made ""pSamrEnumerateUsersInDomain" function inside the "LsaExt.c" from 0 to 0x10" to exclude system/computer accounts, which is fine by me as I only need to export user account hashes.

Thanks for your help!



-----Original Message-----
From: Teh Fizzgig [mailto:fizzgig at foofus.net] 
Sent: Wednesday, 19 May 2010 7:55 AM
To: foofus-tools at lists.foofus.net
Subject: Re: [foofus-tools] pwdump6

On 05/18/10 16:42, Keith Morrell wrote:
> Hi All...trying to get some more info on pwdump6 (or fgdump).
> I run pwdump6 on a medium Active Directory (~700k entries) and it works fine (after about 20-30 mins); however, when I run it on my larger directory of about ~3 million users, it runs for about 3-4 hours and doesn't produce any output.
> Any thoughts?

Those are definitely what I would call massive ADs! We don't run into
them all that often, and so we don't do a lot of testing on such sizes.

It will be VERY slow to dump that many users. As luck would have it, I
am (right as we speak) working on a new version of pwdump which uses
direct registry access to pull in accounts, and should run magnitudes
faster. It will probably be a few days yet, but once I get it done, I
might be able to get you a beta copy if you want to give that a try.

