Converting msSFU30Password from ldapsearch command to plain text

I am trying to write a script that will go out to my Active Directory server and return the password for a list of users, so I can update the passwords into another system.

I am using ldapsearch to return the msSFU30Password property from their account; the problem is that this is encrypted. Does anyone know a way to get this in plain text?

This script is running on HP-UX 11i and accessing a Windows 2003 server AD.

Thanks
sbhegel Asked:
 
Nopius Commented:
Server for NIS includes an attribute called msSFU30Password, which is the password in the UNIX format.
That means your retrieved password is a one-way hash, and no decryption is possible.
You may update passwords on another system only if they are also in the same format.
0
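
Added example (not part of the original thread or of any commenter's post): because a one-way hash can only be carried over to a system that accepts the same format, this script reads `ldapsearch` LDIF output and reports which crypt(3) scheme each `msSFU30Password` value uses. The sample entries, the hashes and the use of `sAMAccountName` as the account key are constructed assumptions, and a `base64` utility is assumed for `::`-encoded values.

```shell
#!/bin/sh
# Added example: classify the crypt(3) scheme of msSFU30Password values.
# It only inspects the hash format; it does not try to recover a password.

# Constructed sample ldapsearch output (names and hashes are made up).
SAMPLE_LDIF='dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
msSFU30Password: $1$saltsalt$0123456789abcdefghijkl

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
msSFU30Password:: YWIwMTIzNDU2Nzg5Lg==

dn: CN=carol,CN=Users,DC=example,DC=com
sAMAccountName: carol
msSFU30Password: ABCD!efgh'

crypt_scheme() {
    case "$1" in
        '$1$'*) echo md5-crypt ;;
        '$2'[abxy]'$'*) echo bcrypt ;;
        '$5$'*) echo sha256-crypt ;;
        '$6$'*) echo sha512-crypt ;;
        *)  # traditional DES crypt: exactly 13 chars from [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'
            then echo des-crypt; else echo unknown; fi ;;
    esac
}

# Read LDIF on stdin, print "<account> <scheme>" for each entry.
# "attr:: value" marks a base64-encoded value; assumes a base64 utility.
report_schemes() {
    acct='' hash=''
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            'sAMAccountName: '*) acct=${line#sAMAccountName: } ;;
            'msSFU30Password: '*) hash=${line#msSFU30Password: } ;;
            'msSFU30Password:: '*)
                hash=$(printf '%s' "${line#msSFU30Password:: }" | base64 -d) ;;
            '') # a blank line ends the entry
                [ -z "$acct" ] || echo "$acct $(crypt_scheme "$hash")"
                acct='' hash='' ;;
        esac
    done
    [ -z "$acct" ] || echo "$acct $(crypt_scheme "$hash")"
}

printf '%s\n' "$SAMPLE_LDIF" | report_schemes
```

An account reported as `unknown` has a value that is not a recognisable crypt(3) hash and should be checked by hand before any migration.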
 
ahoffmann Commented:
> Does anyone know a way to get this in plain text?
Only brute-force methods (unless you have a misconfigured LDAP :)
The password is stored as a one-way hash; there is no way back.
0
 
sbhegel (Author) Commented:
Maybe this is a better way to ask the question.

Is there any attribute in Active Directory (LDAP) that stores the password so it can be retrieved and converted to plain text on a Unix system, namely HP-UX 11i?

Thanks again
0
 
Nopius Commented:
AFAIK the unicodePwd attribute stores the clear-text password in AD (in Unicode format).
To retrieve it you must use a TLS connection (LDAPS://) with AD administrator privileges.
A non-encrypted connection (LDAP://) is not enough.
0
Question has a verified solution.
