Tek-Tips is the largest IT community on the Internet today!

Password from Domain

Status
Not open for further replies.

lhe

Programmer
Dec 16, 2002
2
US
I have a job in which I am supposed to retrieve all the users' information such as userid, name and title as well as password from the LDAP query. Now I got all I want from the LDAP, but not the password. I was told that the passwords are stored in the domain. I found ChangePassword, SetPassword methods and looped out all the properties of each user, but not the password.
Does anyone have an idea of how to get the passwords (MD5 encrypted hash) from the domain? Please help. I just have no idea at all.
Your help is appreciated.
Lannie
 
My first question is why? Why do you need to know someone else's password? If they've forgotten their password, you can change it for them.

Further, the last thing I would want to know, especially if the SysAdmin, is someone else's password. You expose yourself to liability, and you then provide everyone the easy defense - The SysAdmin has my password, and logged in as me and did it!

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
To CajunCenturion,
You have a good point. I am a software programmer here. Now we are building a component in the Active Directory.
My job is only a part which will play a bridge connecting the other two servers. My part is to retrieve all the users' information and passwords, .. and save them to the SQL database. The passwords are saved as encrypted. So far, I wrote some code retrieving the users' information from the LDAP query in VBScript. Only the password is missing. I simply cannot find anything (properties or methods) that can be used.
Hopefully, this explanation can answer your questions.
Lannie
 
If you could retrieve the hash from AD, would that be sufficient for your requirements?

That way you don't know that password, no liability, and you have the hash.

Many Thanks
Yardyy
 
Windows (2k and beyond) is supposed to be capable of C2-level security, which mandates a non-repudiation requirement. In order to meet that requirement, passwords are not to be retrievable by anyone (including administrators). This is accomplished by storing the password only as a hash value, which is typically MD5 or SHA, and is one-way encryption -- no decryption. You verify that the user entered the correct password by hashing the input and comparing it to the stored hash.

My point is: you cannot (theoretically) retrieve users' passwords from Windows (or any other C2 or better system).
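The hash-and-compare check described in the last reply, as an added example that is not part of the original thread and is not how Windows itself stores credentials. It generalizes the idea by using a per-user salt and PBKDF2-HMAC-SHA256 in place of a bare MD5 or SHA digest; the function names, the iteration count and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Build what the server stores: salt, iteration count and digest only."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive the digest from the attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def demo() -> dict:
    """Run the checks on a constructed sample password."""
    sample = "correct horse battery staple"  # constructed sample input
    record = make_record(sample)
    second = make_record(sample)  # same password, fresh random salt
    return {
        "good_login": verify(record, sample),
        "bad_login": verify(record, "Correct horse battery staple"),
        # The stored bytes never contain the password itself.
        "plaintext_stored": sample.encode() in record["salt"] + record["digest"],
        # Different salts give different digests for identical passwords.
        "digests_equal": record["digest"] == second["digest"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The stored record is enough to check a login attempt but gives an administrator nothing to read back, which is the property the reply describes.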
 