Password audit in 2008 DC


I have a client that requires a password audit to it´s DC that is on a
win 2008 server system.
Due to the criticity of the service, the client does not allow the
execution of a non proven tool to do the task.

I´m trying to do a simple SAM dump on ths system but I need to know for
sure it´ll work and won´t cause a DOS.

I looked for documentation on fgdump and pwdump7. But I find some
contradicting info stating that the tools will only work as for
extracting the local SAM and not the hole Active Directory.

Does anyone have had a similar case? or a trully working experience in
this? Will this tools affect the service since the Win2008 security
responds differently to the tools dll or service?

Tnx in advance.

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.