Users Password from Active Directory

G

Guest

Hi , is there any way that i could get the users Domain password from Active
Directory ? I'm an administrator for the Windows Server 2000 Server and i
need this for some administrative purposes. Please Help

Regards
 
E

Enkidu

aznan said:
Hi , is there any way that i could get the users Domain password from
Active Directory ? I'm an administrator for the Windows Server 2000
Server and i need this for some administrative purposes. Please Help
Click to expand...
An administrator can set a password but cannot find out a password of a
user.

The only way you could achive what you want is to set the user's
password and then prevent them from changing it. This is not secure,
obviously.

Cheers,

Cliff
 
H

Hank Arnold

Wouldn't be much of a secure environment if they could, would it??? Think
about it.... If you could do it, hackers could do it,too.......

If there *is* a way, I sure hope no one is stupid enough to post it on a
public forum......
 
H

Herb Martin

aznan said:
Hi , is there any way that i could get the users Domain password from
Active
Directory ? I'm an administrator for the Windows Server 2000 Server and i
need this for some administrative purposes. Please Help
Click to expand...

"need this for some admin purposes"? Doubtful.

Others have responded to indicate that this is not available
(by design).

You might 'crack' your own accounts database but you will
likely only get the passwords of users who have not used
strong passwords (l0phtcrak comes to mind.)

[And it MAY be reasonable for an admin to attempt this
on a regular basis -- with permission and notification --
in order to find weak passwords.]

You can MIGRATE the passwords by using ADMTv2 or v3.

What is it you want to do with these? What is your "admin purpose"?
 
R

Ryan Hanisco

Aznan,

Passwords under 16 characters can be decrypted much more easily as they
use a different algorithm. That being said, I have a hard time thinking
of any reason why an administrator would need to get a user's password.

So, tell us what you need access to and maybe we can help. Otherwise,
there's not much we can responsibly do.

Ryan Hanisco
 
J

Joe Richards [MVP]

It protects the hashes stored in the SAM portion of the registry that could be
brute forced.

SYSKEY doesn't do anything to help hashes in AD. You can get the hashes either
by injecting code into the LSASS process or editing the DB directly.



--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DOMAIN CONTROLLER CHANGE PASSWORD 1
problem with Active Directory 1
big problem with active directory 1
sharing documentation on active directory 1
Active Directory Setup & Administration 3
users and computers 1
Change Windows 2000 DC server administrator password 3
Active Directory problem 1

Top