#2388 Keypass -Recover Windows User Account Credentials with old profile data

[Jainul Abidin Khan]

Hi Team

“Greetings of the Day.

Recently my Laptop migrated from (ABC domain) to (XYZ domain)

Post migration I am unable to open my keypass database file, because I have selected the open database options as “Windows user account”

However I have followed the below article to and run the below command but password not accepting.

Open a command prompt and run the utility:
c:\windows\system32\dpapimig.exe. Enter the old WUA password if prompted for it.

https://sourceforge.net/p/keepass/wiki/Recover%20Windows%20User%20Account%20Credentials/

Note: my old profile data is still exist but i am unable to login with old crediantial its part of diffrent domain.

Please advise me how to proceed on this.

Apprecaite for your quick response.

Regards.
Jainul Khan

[Paul]

As you are on a domain I don't think you will be able to recover the old credentials, because you can't create a temporary user account. Using a temporary (virtual) machine on the old domain may work - ask your IT bods if that is possible.

cheers, Paul

[wellread1]

The recovery procedure was tested for local computers on a workgroup, not in a domain environment. However How to recover a Vault corrupted by lost DPAPI keys describes a -domain switch to use with dpapimig.exe in a domain environment:

Run the utility dpapimig.exe or for a domain joined computer, dpaimig.exe –domain, from the command prompt. This will attempt the blank password first, and if that fails it will prompt for the old password in order to proceed with the migration. Upon successful completion, the Vaults will be useable.

I don't know if the switch is useful when migrating from a domain, but it is probably worth a try.

Windows Data Protection is a propietary Microsoft technology and DPAPI documentation is sparse so there is not much I can add to the procedure as written.

[Jainul Abidin Khan]

dpaimig.exe –domain
I have tried with this command nothing is happening. Please find the attached screenshot.

My existing computer running with Windows10 . also i am able login with new domain/user credinaial.

Howver i have tried with below option.

1. Using windows 7 workgroup machine i have followed the below articale, however its accepting my old password.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-7/ee681624(v=ws.10)

Plese let me know where i need copy my old datbase file? Is the below location is correct?

%userprofile%\AppData\Roaming\Microsoft\Protect\S-1-5-21-2676219764-1201964595-2451656395-1000

Please find the attached screnshot.

[Jainul Abidin Khan]

Once again i have tried in same computer with new local account. Stil its not accepting the old password

Please find the attached screenshot of all the details. Let me know inacse of any modfication require.

I have one doubt, while creating new registry entry for for creating computer-1"="" and
user1"="",
Do We need to provide the old computer name and user account?
I have domain account what details do i need provide?

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\DPAPI\MigratedUsers\S-1-5-21-2676219764-1201964595-2451656395-1000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\DPAPI\MigratedUsers\S-1-5-21-2676219764-1201964595-2451656395-1000\UserDomain]"computer-1"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\DPAPI\MigratedUsers\S-1-5-21-2676219764-1201964595-2451656395-1000\UserName]"user1"=""

[Paul]

The instructions assume you have admin rights on your machine, which may not be the case in a domain.
You really need to get help from your IT bods.

cheers, Paul

[wellread1]

As I noted before, the only tested migration scenario was between non-domain accounts. I am unable to add to the procedure as written except a to make a few observations from memory:

The dpapimig.exe does not output success/failure messages. The main way to tell if the recovery worked is that you can open your database after completely following the procedure to its conclusion.

If the dpapi key migration worked, you can observe the changes described in section III of the procedure. However, these changes are easily missed because they only happen the first time dpapimig.exe runs successfully. Even if you successfully restore the dpapi keys, only the original ProtectedUserKey.bin file from the original domain can be used to open your database. It must be copied to the location described in the recovery procedure.

Plese let me know where i need copy my old datbase file?

Database location is not critial, except that it must be accessible. It can be in the user's documents folder.