Published: 19 October 2020    Last Updated: 03 November 2022

We covered extracting domain hashes with Mimikatz previously, but that's not always the best approach - for example where anti-virus is getting in the way. However there are other options for the same goal. This time around we'll take a look at using Vssadmin, a built-in Windows tool. VSSAdmin is the Volume Shadow Copy Administrative command-line tool and it can be used to take a copy of the NTDS.dit file - the file that contains the active directory domain hashes.