In Windows NTLM authentication, the passwords stored on domain controllers are in which database?

NTLM authentication relies on the database that actually stores the user accounts and their credential hashes on the Windows machine. On domain controllers in traditional Windows networks, that credential store is the Security Accounts Manager (SAM). The SAM database contains the accounts (local and domain-related) and their password hashes that NTLM uses during logon. In newer Active Directory environments, domain account data resides in AD’s database (ntds.dit), but for the scenario implied by Windows NTLM on domain controllers, SAM is the store for those credentials. The other options don’t hold the credential hashes: AD’s database is for AD accounts in modern setups, the Password Policy File isn’t the credential store, and the Local Security Authority Database handles policies and secrets rather than the central password hashes.