Learn how to a build a cloud-first strategyRegister Now


Converting msSFU30Password from ldapsearch command to plain text

Posted on 2006-04-27
Medium Priority
Last Modified: 2013-12-26
I am trying to write a script that will go out to my Active Directory server and return the password for a list of users, so I can update the passwords into another system.

I am using ldapsearch to return the msSFU30Password property from their account, the problem is that this is encrypted.  Does anyone know a way to get this in plain text?

This script is running on HP-UX 11i and accessing a Windows 2003 server AD

Question by:sbhegel
  • 2
LVL 27

Accepted Solution

Nopius earned 2000 total points
ID: 16558932
Server for NIS includes an attribute called msSFU30Password, which is the password in the UNIX format.
That means, your retrieved password is a one-way-hash. And no decryption is possible.
You may update passwords on another system only if they are also in the same format.
LVL 51

Expert Comment

ID: 16559586
>  Does anyone know a way to get this in plain text?
only brute force methods (except you have a misconfigured LDAP:)
The password is stored as one-way hash, ther is no way back.

Author Comment

ID: 16562439
Mabe this is a better way to ask the question.  

Is there any attribute in Active Directory (LDAP) that stores the password so it can be retrieved and converted to plain text on a Unix system, namely HP-UX 11i

Thanks again
LVL 27

Expert Comment

ID: 16567548
AFAIK unicodePwd attribute stores clear text password in AD (in unicode format).
To retrieve it you must use TLS connection (LDAPS://) with AD  administrator priveleges.
Non enctypted connection (LDAP://) is not enough.

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Dynamic window placements and drawing on a form, simple usage of windows registry as a storage place for information. Continuing from the first article about sudoku.  There we have designed the application and put a lot of user int…
Introduction: Finishing the grid – keyboard support for arrow keys to manoeuvre, entering the numbers.  The PreTranslateMessage function is to be used to intercept and respond to keyboard events. Continuing from the fourth article about sudoku. …
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Loops Section Overview
Suggested Courses
Course of the Month20 days, 22 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question