I tend to use ntdsutil to dump hashes as soon as I get domain admin, as described here: https://www.vmadmin.co.uk/microsoft/43-winserver2008/171-svr08adddsifm
This is a Microsoft tool and I've never had it break a DC, where as I have seen some of the other methods take down a domain controller.
At this point, you have a zip file and exfiltrate the data to your laptop.
Using impacket's secretsdump tool, you can then extract the users:
python impacket/examples/secretsdump.py -system Temp\SYSTEM -ntds Temp\ntds.dit LOCAL -outputfile ifm.ntds
Use -user-status if you want to only show active accounts, and then grep for these.
Grab the allcase.rule file from here: http://www.blacktraffic.co.uk/pw-dict-public/allcase.rule
You may be lucky and find that some of the LM hashes are present, which makes your job that much easier.
Crack the LM hashes first with the following - to try all 7 letter combinations.
hashcat64.exe -m 3000 ifm.ntds -a3 ?a?a?a?a?a?a?a
Then take the output you've got from this and feed it into your NTLM crack as a crib, because we know the NTLM password will be the same but with different case.
hashcat64.exe -m 1000 -a0 ifm.ntds lmoutput.txt -r allcase.rule
Now, you can go ahead and do the normal cracking - grab dictionaries here if you want:
hashcat64.exe -m 1000 -a0 ifm.ntds Top258Million.txt -r nsav2dive.rule
Of course, you might want to tweak this depending on the password policy.