If you can't find the cert that encrypted them or the cert for the Data Recovery Agent (DRA) (usually the domain admin) you are out of luck.
They key to open the data is stored in the headers of the file and it is locked up with the private key for the user who encrypted it and the private key for the DRA. The data is encrypted symmetrically. You may find those keys exist somewhere even though the domain doesn't exist anymore. You should be able to recover with them. -----Original Message----- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:33 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Decrypt Files from a no longer existing domain How can I decrypt some files that I did not know were encrypted when I decommissioned the last DC in that old domain. I have tried restoring them to a FAT Partition and I can open them but there is no data in them. Any help would be appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
