Windows Password Recovery - Active Directory Explorer

Active Directory Explorer is a small utility for viewing, analyzing and editing properties (attributes) of domain accounts, both public and private.

First, select the type of AD database you are going to work with: local or external.

[Screenshot: Selecting Active Directory database]

When selecting an external database, specify the path to the NTDS.DIT file and to the SYSTEM registry file. The latter is required for decrypting private data. If automatic decryption is enabled, all the encrypted attributes of an account are decrypted on the fly. In either case, the editor allows editing both decrypted and raw data.

For safety reasons, the editor mode is available for external databases only!

You should also specify what object you want to display. There are 10 types of domain objects. See the table below.

| Domain object | Description |
|---|---|
| User object | An object of class user. A user object is a security principal object; the principal is a person or service entity running on the computer. The shared secret allows the person or service entity to authenticate itself. |
| Global domain object | Represents a typical domain object that does not conform to other types. |
| Computer accounts | Represents a computer object that is associated with individual client or server machines in an Active Directory domain. |
| Domain trusts | Represents a user object that is used for domain trusts. A trusted domain is a domain that is trusted to make authentication decisions for security principals in that domain. |
| Alias objects | A security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. Aliases can be granted rights and permissions on resources that reside only in the same domain where the domain local group is located. |
| Aliases which are not used for authorization | Represents an alias object that is not used for authorization context generation. |
| Group objects | A database object that represents a collection of user and group objects and has a security identifier (SID) value. |
| Groups which are not used for authorization | Represents a group object that is not used for authorization context generation. |
| Application-defined groups | An application-defined group. |
| Query groups | An application-defined group whose members are determined by the results of a query. |

[Screenshot: Active Directory database source]

Once the data source is selected, move on to selecting accounts. Some Active Directory databases contain tens or even hundreds of thousands of domain records. Reading such large databases and populating the list of users may take some time. Selecting a single record shows brief information about it at the bottom: status, whether a password is set and whether it has expired, and the account description. Clicking the 'Next >' button launches the process of gathering and decrypting all available attributes for the selected object.

[Screenshot: Active Directory user account]

Each attribute consists of a name and a value. For example, 'Common-Name' contains the account name, and the 'Unicode-Pwd' attribute stores its password hash. For a more detailed description of an attribute, select it in the list and then click the link that appears in the description field. Double-clicking the data field opens the selected attribute for editing. When done editing, right-click the text to open the context menu, then either save the changes to the ntds.dit file or discard them.

[Screenshot: Active Directory explorer and parser]

Here are descriptions of some account attributes. The complete description is available on Microsoft's website.

The name of the account.
Contains LAN Manager password of the account.
The password of the user in Windows NT one-way format (OWF). Note that you cannot derive the clear password back from the OWF form of the password.
Contains the password history of the user in LAN Manager one-way function format. The attribute is used for compatibility with LAN Manager 2.x clients, Windows 95, and Windows 98.
The password history of the user in Windows NT OWF format.
Relative identifier (RID) for the primary group of the user. This is Domain Users group, by default.
Contains the number of times the user tried to log on to the account using an incorrect password.
Indicates that the account is a member of one of the Administrative groups (directly or transitively).
The hours that the user is allowed to logon to the domain.
The last time the user logged on to the account.
The last time the user attempted to log on to the account with an invalid password. This value is stored as a large 8-byte integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC).
This is the time that the user last logged into the domain.
The date when the password for this account was last changed.
The date when the account expires. A value of 0 or 0x7FFFFFFFFFFFFFFF indicates that the account never expires.
Stores the encrypted version of the user's password. Used in authentication.
Flags that control the behavior of the user account. This value can be a combination of one or more of the following values.

| Value | Description |
|---|---|
| 0x00000001 | Logon script is executed for the account. |
| 0x00000002 | The account is disabled. |
| 0x00000008 | Home directory is required. |
| 0x00000010 | The account is currently locked out. |
| 0x00000020 | No password is required. |
| 0x00000040 | The user cannot change the password. |
| 0x00000080 | The cleartext password is to be persisted. |
| 0x00000100 | This is an account for users whose primary account is in another domain. |
| 0x00000200 | This is a default account type that represents a typical user. |
| 0x00000800 | Trust account for a system domain that trusts other domains. |
| 0x00001000 | This is a computer account for a computer that is a member of this domain. |
| 0x00002000 | This is a computer account for a system backup domain controller that is a member of this domain. |
| 0x00010000 | The password for this account will never expire. |
| 0x00020000 | This is an MNS logon account. |
| 0x00040000 | The user must log on using a smart card. |
| 0x00080000 | The account, under which a service runs, is trusted for Kerberos delegation. |
| 0x00100000 | The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation. |
| 0x00200000 | Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys. |
| 0x00400000 | This account does not require Kerberos pre-authentication for logon. |
| 0x00800000 | The user password has expired. |
| 0x01000000 | The account is enabled for delegation. Enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network. |
| 0x04000000 | The object is a read-only domain controller (RODC). |
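
The following Python example is added here and is not part of the product or its documentation. It decodes an account-control value using the flag table above, converts the 8-byte timestamps described earlier (100-nanosecond intervals since January 1, 1601 UTC), and lists settings worth reviewing in an account audit. The record keys `uac`, `expires` and `pwd_last_set`, the choice of flags to review, the 365-day threshold and the sample record are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Values are from the flag table above; the short labels are this example's own.
UAC_FLAGS = {
    0x00000002: "disabled",
    0x00000010: "locked out",
    0x00000020: "no password required",
    0x00000080: "cleartext password persisted",
    0x00000200: "normal user account",
    0x00010000: "password never expires",
    0x00080000: "trusted for Kerberos delegation",
    0x00200000: "DES-only Kerberos keys",
    0x00400000: "Kerberos pre-authentication not required",
    0x00800000: "password expired",
}
# Assumption: the flags an auditor would want reviewed first.
RISKY = 0x20 | 0x80 | 0x10000 | 0x80000 | 0x200000 | 0x400000
NOT_SET = (0, 0x7FFFFFFFFFFFFFFF)  # "never expires" sentinels for the expiry attribute
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_PWD_AGE = timedelta(days=365)  # assumed review threshold, not from the page


def filetime_to_utc(value):
    """100-ns intervals since 1601-01-01 UTC -> aware datetime, or None if not set."""
    if value in NOT_SET:
        return None
    return EPOCH_1601 + timedelta(microseconds=value // 10)


def decode_uac(value):
    """Labels of every known flag set in a user-account-control value."""
    return [label for bit, label in UAC_FLAGS.items() if value & bit]


def audit(account, now):
    """Findings for one record: dict with 'uac', 'expires', 'pwd_last_set'."""
    uac = account["uac"]
    findings = [label for bit, label in UAC_FLAGS.items() if uac & bit & RISKY]
    expires = filetime_to_utc(account["expires"])
    if expires is not None and expires < now and not uac & 0x2:
        findings.append("expired but not disabled")
    changed = filetime_to_utc(account["pwd_last_set"])
    if changed is not None and now - changed > MAX_PWD_AGE:
        findings.append("password older than threshold")
    return findings


# Constructed sample record (not taken from a real directory).
SAMPLE = {"uac": 0x400280, "expires": 0x7FFFFFFFFFFFFFFF,
          "pwd_last_set": 132223104000000000}  # 2020-01-01 00:00:00 UTC
```

Calling `audit(SAMPLE, datetime.now(timezone.utc))` returns the review findings for the constructed record; a timestamp of 0 is treated as not set.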