• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9852
  • Last Modified:

Get Password for Active Directory user

I am working with active directory through asp.net2.0.i need to get one Active directory user's password using LDAP.I am not sure how to do this.I used the below script which gave me when the password was last set,whether it was expired etc..,.But i need to see the password for that particular active directory user
Option Explicit
 
Dim objUser, strUserDN, objShell, lngBiasKey, lngBias, k
Dim objRootDSE, strDNSDomain, objDomain, objMaxPwdAge, intMaxPwdAge
Dim objDate, dtmPwdLastSet, lngFlag, blnPwdExpire, blnExpired
Dim lngHighAge, lngLowAge
 
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
 
' Hard code user Distinguished Name.
 
Set objUser = GetObject("LDAP://<GUID=c64b2d9f-4e41-4528-9573-6bebb0800336>")
 
' Obtain local time zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
    lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
    Next
End If
 
' Determine domain maximum password age policy in days.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objMaxPwdAge = objDomain.MaxPwdAge
 
' Account for bug in IADslargeInteger property methods.
lngHighAge = objMaxPwdAge.HighPart
lngLowAge = objMaxPwdAge.LowPart
If (lngLowAge < 0) Then
    lngHighAge = lngHighAge + 1
End If
intMaxPwdAge = -((lngHighAge * 2^32) _
    + lngLowAge)/(600000000 * 1440)
 
' Retrieve user password information.
Set objDate = objUser.PwdLastSet
dtmPwdLastSet = Integer8Date(objDate, lngBias)
lngFlag = objUser.Get("userAccountControl")
blnPwdExpire = True
If ((lngFlag And ADS_UF_PASSWD_CANT_CHANGE) <> 0) Then
    blnPwdExpire = False
End If
If ((lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0) Then
    blnPwdExpire = False
End If
 
' Determine if password expired.
blnExpired = False
If (blnPwdExpire = True) Then
    If (DateDiff("d", dtmPwdLastSet, Now) > intMaxPwdAge) Then
        blnExpired = True
    End If
End If
 
' Display password information.
Wscript.Echo "User: " & strUserDN & vbCrLf & "Password last set: " _
    & dtmPwdLastSet & vbCrLf & "Maximum password age (days): " _
    & intMaxPwdAge & vbCrLf & "Can password expire? " & blnPwdExpire _
    & vbCrLf & "Password expired? " & blnExpired
 
' Clean up.
Set objUser = Nothing
Set objShell = Nothing
Set objRootDSE = Nothing
Set objDomain = Nothing
Set objMaxPwdAge = Nothing
Set objDate = Nothing
 
Function Integer8Date(ByVal objDate, ByVal lngBias)
    ' Function to convert Integer8 (64-bit) value to a date, adjusted for
    ' local time zone bias.
    Dim lngAdjust, lngDate, lngHigh, lngLow
    lngAdjust = lngBias
    lngHigh = objDate.HighPart
    lngLow = objdate.LowPart
    ' Account for bug in IADslargeInteger property methods.
    If (lngLow < 0) Then
        lngHigh = lngHigh + 1
    End If
    If (lngHigh = 0) And (lngLow = 0) Then
        lngAdjust = 0
    End If
    lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
        + lngLow) / 600000000 - lngAdjust) / 1440
    Integer8Date = CDate(lngDate)
End Function

Open in new window

0
rathiagu
Asked:
rathiagu
1 Solution
 
RobSampsonCommented:
Hi, you can never see, or obtain, the password for an Active Directory user. That would breach the security measures that Windows attempts to put in place.

The only thing you can do as an administrator is reset the password, but you can never identify the current password, unless the user tells you it.

Regards,

Rob.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now