• Status: Solved
  • Priority: Medium
  • Security: Public

extract passwords from ntds.dit

Have a local copy of ntds.dit and want to extract a list of usernames/passwords (large exchange migration planned and want to remote in and set up profiles for all users before Monday when they log in). Tried pwdump and it crashes lsass.exe every time. Any ideas?
Asked by: mimesscareme
 
MSE-dwells Commented:
Dumping the DIT's content offline isn't a commonplace request, could I ask to what end?


0
 
redseatechnologies Commented:
A good exchange migration should mean you do not need usernames and passwords.

What you are requesting is a serious breach; what you should do is reset everyone's password, if you have no alternative.
0
 
mimesscareme (Author) Commented:
The plan is to migrate a large number of POP3 users to exchange (already created the mailboxes) and they were using AD already. Once we migrate the users' data into exchange we want to remote in and log in as them to set up email versus them coming in Monday and freaking out cause it doesn't work and ringing the phone off the hook. Within a week all users will be required to change passwords BUT in the meantime I want a seamless transition from POP to exchange.

0

 
redseatechnologies Commented:
How many users?
0
 
mimesscareme (Author) Commented:
400 users in AD.  
0
 
redseatechnologies Commented:
For 400 users, there are only 2 things I would do.

Either write clear instructions on what they need to do Monday morning, or reset all their passwords to something simple.

Hacking their passwords is a serious breach, depending on your state or country.
0
 
mimesscareme (Author) Commented:
First off this is at the request of the company I am working for (they own the servers and the accounts). I understand the ethical side of the issue BUT since the company OWNS the logins it really isn't my problem. The small helpdesk staff here isn't ready to accept 400 phone calls Monday at 0801 am. All I am trying to do is expedite the situation so Monday isn't a disaster.

Why this question received pompous answers about it being a breach is beyond me. I KNOW THAT. As was stated earlier this was something to make the transition easier for all. The "breach of security" for a short time was acceptable to the director since we would reinstitute security post migration.

I will find a solution someplace else
0
 
redseatechnologies Commented:
>>I understand the ethical side of the issue BUT since the  company OWNS the logins it really isn't my problem.

No, they don't.  Passwords are the property of the users - they may use the same password for internet banking, or whatever.  The end result is, be careful - I am not throwing this here for the sake of it, I am telling you that if it all goes bad, things will get real ugly, real quick.

Which reminds me, why not just use something like richprofile in the login scripts?  It will build a new outlook profile based on your settings, and you can deploy it to all users.

The point is, what you are doing is illegal - we can't tell you how to do it, no matter what your intentions are.

Find a better way.
0
 
MSE-dwells Commented:
FWIW my earlier response contained both a question and a direct response but was trimmed by EE-admin. staff (I'm chatting with them now regarding their reasons) ... although my question still stands, I wanted to mention that my earlier post is incomplete ....
0
 
mimesscareme (Author) Commented:
Don't worry about it MSE. I read your post and appreciate you taking the time to reply with useful information.

As far as the rest of this thread I am baffled. If a user uses the company PC to surf the net and pay bills with the same password as their network password then they are just irresponsible. IF I gain access to their network password to get to their email or files that is completely within company policy as the COMPANY owns the account and the email, period.

I will find an answer to this someplace else. Disappointed in EE again. Maybe that's why I stopped paying for it. 1 real solution in 3 years.
0
 
Jay_Jay70 Commented:
Maybe if you asked questions that didn't cross the lines in which we can participate, then you would get an answer. Maybe I could post on a religious website asking the best way to summon the devil, and then complain when they don't give me a response that I like.

FYI we get diddly squat for helping out on these posts. Redseatechnologies, myself, plus heaps of others, spend our time, free, with no gain at all, so next time you want to whinge about paying, or not paying, or getting your ideal illegal response, think about the people who are actually helping you; we get nothing.

You want to complain, go to CS and complain; here is not the place and we are not the people, we are just the same as you.

Side Note: MSE-dwells has only part of his answer shown as I edited it... it does not show his full response which did indeed hold valuable info that cannot be shown here due to rules.

J
0
 
mimesscareme (Author) Commented:
Did you say whinge Jay?

And I am over it. Achieved my goal and I sleep like a baby since what I am doing is NOT illegal.

good day.
0
 
mimesscareme (Author) Commented:
FYI..
addendum:

The password/user list that was extracted was used to log in to machines as the user, extract their PSTs from a POP server offsite and migrate their info into exchange. Due to numerous systems that are NOT synchronized with AD (they have been manually synched) changing 400 users' passwords multiple times wasn't practical. The userlist was NOT saved or exported and the notes taken by the staff were all collected/shredded and put in a locked recycle bin to be destroyed. All passwords will be changed and synched during a later SOS project.

Appreciate your candor Jay and understand how it feels to volunteer your time and it is perceived that no one appreciates it (which is not the case in my point as I do answer questions here and other forums).  
0
 
Jay_Jay70 Commented:
Glad to know you got through the project successfully.

Thanks for the note and all the best :) see ya around

James
0
