Password audits

I have been given the task of doing a password audit.
No problem, except I can use pwdump for the slight risk of
having to reboot a DC.

I know there are many ways to get a pw dump from a DC but my question is this.
What is the safest way to get that, so that you dont risk having a DC
need to reboot
or have to install software on the DC?

In the past I have used pwdump, different versions, and usually i
didnt have to reboot the box, but there was that rare occasion that
that it made lsass puke and had to be rebooted.

Thanks in advance for your input.


This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.