How to retrieve password from AD

I was recently faced with an issue where I had to retrieve a user account's details (namely the password) from the Active Directory. Is there any way to decrypt the password? Or, in plain terms, is there any method to find out the user password without having to reset the account?

Top Expert 2010
Commented:
Hi, you can never see, or obtain, the password for an Active Directory user. That would breach the security measures that Windows attempts to put in place.

The only thing you can do as an administrator is reset the password, but you can never identify the current password, unless the user tells you it.

Distinguished Expert 2018
Commented:
No. Active Directory authenticates using a very strong PKI system and all access is managed through a specialized service. The attribute to the user object is not even exposed via the normal LDAP interface. That is why domain-joined machines *must* be running the netlogon service and cannot make a regular LDAP call to authenticate and it is why netlogon will fail if a secure channel is not established. Password hashes in AD are buried under several layers of encryption and stripping them all away is a practical impossibility on modern Windows Server OSes (2003 and later).

Premkumar Yogeswaran, Sr. Analyst - System Administrator
Commented:
Hi Mishalk,

The password in AD cannot be traced. It is encrypted. It cannot be decrypted; that is the main security in AD.

You can only reset the password.

Cheers,
Prem

Commented:
Is your account used by any service? If so, it is relatively easy to dump this password from LSA if you have admin rights.
You can also create your own password notification package and store all passwords in a test file when they are changed.
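
For defenders, the notification-package route mentioned in the comment above can be audited from the LSA registry value that lists the packages LSASS loads. This is an added example, not part of the original thread; the function name is hypothetical and the baseline list is an assumption to adjust for your own builds.

```powershell
# Added example: audit LSA password notification packages on a Windows host.
# Get-LsaNotificationPackageAudit is a hypothetical name, not a built-in cmdlet.
function Get-LsaNotificationPackageAudit {
    param(
        # Package names to audit; defaults to the live registry value.
        [string[]]$Packages = (Get-ItemProperty `
            -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
            -Name 'Notification Packages').'Notification Packages',

        # Assumed baseline for a stock install; adjust to your environment.
        [string[]]$Baseline = @('scecli', 'rassfm')
    )

    foreach ($name in $Packages | Where-Object { $_ }) {
        # Notification packages are loaded by name from System32.
        $dll = Join-Path $env:SystemRoot "System32\$name.dll"
        $sig = if (Test-Path $dll) {
            Get-AuthenticodeSignature -FilePath $dll
        } else {
            $null
        }

        [pscustomobject]@{
            Package    = $name
            InBaseline = $Baseline -contains $name
            DllPresent = [bool]$sig
            SigStatus  = if ($sig) { $sig.Status } else { 'NotFound' }
            SignedBy   = if ($sig -and $sig.SignerCertificate) {
                $sig.SignerCertificate.Subject
            } else {
                $null
            }
        }
    }
}

# Live audit: anything outside the baseline deserves a closer look.
Get-LsaNotificationPackageAudit | Where-Object { -not $_.InBaseline }

# Constructed sample input ('examplefilter' is a made-up package name):
Get-LsaNotificationPackageAudit -Packages 'scecli', 'examplefilter' |
    Format-Table Package, InBaseline, DllPresent, SigStatus
```

A package outside the baseline is not automatically malicious, since third-party password-policy products register here too; check the signer and the change record before acting.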

Commented:
Your question was "Is there any way to decrypt the password?"
If you obtained an answer, assign your points please. If you did not obtain one, why did you respond "thanks"?

Author

Commented:
I got the answer. I couldn't see the section to assign points; it says either delete or request for attention.
Let me know how I could assign the points. I couldn't see the option "assign points".

Premkumar Yogeswaran, Sr. Analyst - System Administrator

Commented:
Hey,

Am wondering, did you get the answer to retrieve the password from AD?

Cheers,
Prem