Windows domain controllers have no local accounts. I think I learned this back when I made my “Practice ntds.dit File Overview” series of blog posts.
Today I had to search for a Microsoft document covering this: Built-in and Account Domains.
Didier, this is not actually the case sir. Domain controllers have Administrator & Guest (disabled). These accounts are how Active Directory Restore Mode operates.
Comment by Robert — Saturday 28 March 2020 @ 0:33
Well, this could become a philosophical discussion 🙂
I guess you are referring to the Administrator and Guest account in the SAM database?
They are not disabled (active:no), but the SAM database is not used when a domain controller is active (performing AD roles). It’s the ntds.dit database that is used.
When you boot your DC in DSRM mode, the machine is no longer a DC (it is not performing AD roles), and then the SAM database is used.
Comment by Didier Stevens — Saturday 28 March 2020 @ 10:11
Thanks for the reply sir! No need to dip into philosophy. My post was somewhat misleading; I meant to say that the DSRM GUEST account in the local SAM was disabled. Yes, it was the local SAM I was referring to.
Anyway, thanks for all you do here! I’ve been following you for quite a while and always look forward to seeing your ‘stuff’.
Keep on being awesome Didier!!
Comment by Robert — Saturday 28 March 2020 @ 16:29
Thanks for your kind words!
Comment by Didier Stevens — Saturday 28 March 2020 @ 17:41