Didier Stevens

Saturday 28 March 2020

Quickpost: Windows Domain Controllers Have No Local Accounts

Filed under: Quickpost — Didier Stevens @ 0:00

Windows domain controllers have no local accounts. I think I learned this back when I made my “Practice ntds.dit File Overview” series of blog posts.

Today I had to search for a Microsoft document covering this: Built-in and Account Domains.


Quickpost info


4 Comments »

  1. Didier, this is not actually the case sir. Domain controllers have Administrator & Guest (disabled). These accounts are how Active Directory Restore Mode operates.

    Comment by Robert — Saturday 28 March 2020 @ 0:33

  2. Well, this could become a philosophical discussion 🙂

    I guess you are referring to the Administrator and Guest account in the SAM database?
    They are not disabled (active:no), but the SAM database is not used when a domain controller is active (performing AD roles). It’s the ntds.dit database that is used.

    When you boot your DC in DSRM mode, the machine is no longer a DC (it is not performing AD roles), and then the SAM database is used.

    Comment by Didier Stevens — Saturday 28 March 2020 @ 10:11

  3. Thanks for the reply sir! No need to dip into philosophy. My post was somewhat misleading; I meant to say that the DSRM GUEST account in the local SAM was disabled. Yes, it was the local SAM I was referring to.

    Anyway, thanks for all you do here! I’ve been following you for quite a while and always look forward to seeing your ‘stuff’.

    Keep on being awesome Didier!!

    Comment by Robert — Saturday 28 March 2020 @ 16:29

  4. Thanks for your kind words!

    Comment by Didier Stevens — Saturday 28 March 2020 @ 17:41


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.