Database source and working mode

Database source and working mode

Top  Previous  Next

Database source


Accounts database source allows to select between local and Active Directory accounts. Please note that to work with AD, you should use ESR on the server (domain controller) running Windows  Server 2000/2003/2008/2012.


Work with local computer accounts (SAM)

Work with Active Directory accounts (ntds.dit)

Additional tools






Working mode

Change account password and properties

Dump password hashes for further audit/recovery

Dump Domain Cached Credentials

Backup Registry or Active Directory to archive

Restore Registry or AD from backup

SAM database editor






If you already changed some account properties or password(s) and would like to rollback the changes, select the last option: Restore Registry or AD from backup (you will be prompted for locations of backup copy of SAM or AD database). Otherwise, select Change account password and properties (to change/reset passwords to user accounts, unlock disabled or locked accounts etc), or Dump password hashes ..., if you would like just to dump password hashes from AD or local SAM into the text file for further analysis/recovery in other software like Proactive Password Auditor or Elcomsoft Distributed Password Recovery. Finally, you can backup the Registry (SAM and SYSTEM) or Active Directory database (ntds.dit).


When you dump local password hashes (from SAM), password history hashes are also extracted (and saved into the dump file).


Password hashes can be saved (into the "standard" dump) file in ASCII or UNICODE character set. After dumping, the program asks would you like to open that file in the Notepad; please note that if the user names or comments use non-US alphabet, they will be shown correctly only in UNICODE (and in ASCII dump file, you may see just the asterisks).


Finally, SAM database editor allows to edit all the fields in SAM database, that contain the advanced properties of local user accounts.