One Day Sec

What are the main built-in Windows tools for obtaining the NTDS.dit file via Volume Shadow Copy, and how do they differ?

The main built-in tools are `ntdsutil` and `vssadmin`, both preinstalled on Windows Server. `ntdsutil` is specific to Active Directory and can create, mount, and manage snapshots of the NTDS database, as detailed in Domain Penetration - Obtaining the NTDS.dit File from Domain Controller Servers. `vssadmin` is a general Volume Shadow Copy command-line tool that creates system snapshots. Additionally, `vshadow.exe` from the Windows SDK is not built-in but offers persistent snapshots and can be used for execution bypass. For a broader context on abusing VSS, see Volume Shadow Copy in Penetration Testing.
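A defender's view of the answer above, as an added example that is not part of the original page: a small triage pass over process-creation events from domain controllers that flags the three tools named. The event field names, hosts, users and command lines are constructed, with arguments elided.

```python
import ntpath
import re

# Per-tool rule: regex the command line must match; None = any execution is
# notable (vshadow.exe is not built-in, so it should not run on a DC at all).
RULES = {
    "ntdsutil.exe": re.compile(r"\bsnapshot\b", re.I),
    "vssadmin.exe": re.compile(r"\bcreate\s+shadow\b", re.I),
    "vshadow.exe": None,
}
NTDS_REF = re.compile(r"ntds\.dit", re.I)  # catches renamed or other tools

def classify(event):
    """Return the reasons a process-creation event is suspicious, if any."""
    image = ntpath.basename(event["Image"]).lower()
    cmd = event["CommandLine"]
    reasons = []
    if image in RULES and (RULES[image] is None or RULES[image].search(cmd)):
        reasons.append(f"{image} matched snapshot-tool rule")
    if NTDS_REF.search(cmd):
        reasons.append("command line references NTDS.dit")
    return reasons

def triage(events):
    """Return (host, user, reasons) for every event that matched a rule."""
    return [(e["Host"], e["User"], r) for e in events if (r := classify(e))]

# Constructed sample events (field names modelled on process-creation logs;
# arguments deliberately elided).
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"Host": "DC01", "User": "CORP\\svc_backup", "Image": SYS32 + "vssadmin.exe",
     "CommandLine": "vssadmin.exe list shadows"},
    {"Host": "DC01", "User": "CORP\\jdoe", "Image": SYS32 + "vssadmin.exe",
     "CommandLine": "vssadmin.exe create shadow <args elided>"},
    {"Host": "DC01", "User": "CORP\\jdoe", "Image": SYS32 + "ntdsutil.exe",
     "CommandLine": "ntdsutil.exe snapshot <args elided>"},
    {"Host": "DC02", "User": "CORP\\jdoe", "Image": "C:\\Temp\\vshadow.exe",
     "CommandLine": "vshadow.exe <args elided>"},
    {"Host": "DC02", "User": "CORP\\jdoe", "Image": SYS32 + "cmd.exe",
     "CommandLine": "cmd.exe /c copy <source elided>\\ntds.dit <dest elided>"},
]

if __name__ == "__main__":
    for host, user, reasons in triage(SAMPLE_EVENTS):
        print(f"{host} {user}: {'; '.join(reasons)}")
```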