To help build a case for a security budget, amongst other things, I would like to demonstrate why the physical security of (W2K3) AD DC's is important.

if a rogue employee (or anyone for that matter) had physical access to such a box using Knoppix, BackTrack or other tools would he or she be able to extract the AD database from a unsecured box and crack the passwords. Could anyone either explain the steps or direct me to a resource.

Thanks

T.