not sure if you solved it but the question is poorly written as usual … when they say NTLM hash they usually are referring to NT part of the hash only
It actually failed a few times, I exited out, did some enumeration of the accounts rights etc to make sure I wasn’t going crazy (a Domain Admin should be able to DCSync!), and it just worked. The exact same command as before, run from the same PowerShell session (although I had exited Mimikatz and gone back in).
So for anyone reading this: It seems like just a transitory error, but secretsdump is probably quicker.
I met mimikatz error in the windows version of this section.
ERROR kuhl_m_lsadump_dcsync ; GetNCChanges: 0x000020f7 (8439)
However, the cause of this problem is simple. The current user just does not have enough privileges.
In this questions, you can elevate your privileges by right-clicking.
FROM WINDOWS HOST
To get the flag.txt located in the ExtraSids folder you have to do as following
And then cat it out! You know how to do it
Now from where I found this? Actually I tried many combination such as c\ExtraSids, c\ExtraSids$, etc manually and at last got hit on it.