Solved

Access the user details within AD

Posted on 2010-09-15
10
630 Views
Last Modified: 2012-05-10
I just posted the following question and this response was very helpful...

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_26476787.html#a33688351

Now that I understand this info, I have follow up questions related to the data within the AD files.

We have a group policy defined to remember the last 5 passwords that a user uses so they do not reuse it. Guessing password details are maintained in the AD data. Specifically stuff like date the password was last changed and history of the last 5 passwords.

Presuming this is the case...

(1) Is there a utility we could use to view the contents of the AD data file?

(2) Or how can we connect to NTDS.DIT via MS SQL?

0
Comment
Question by:bnrtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 7

Expert Comment

by:kumarnirmal
ID: 33688482
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33688499
password last set you can get  using a great tool like adfind by Joe Richards  see my example

http://www.experts-exchange.com/Software/Office_Productivity/Office_Suites/MS_Office/Excel/Q_24302833.html

other command line tools like powershell, dstools, csvde and scripts with vbscript and other methods can also pull info/reports

You could also use acctinfo.dll to add a tab in ADUC  http://www.computerperformance.co.uk/w2k3/utilities/acctinfo.htm


As far as extracting the actual passwords.  That is not possible the passwords are stored as a unicode pwd attribute  http://msdn.microsoft.com/en-us/library/ms680513(VS.85).aspx

stored as a hash that can't be cracked, awesome blog by Jesper on that subject  http://blogs.technet.com/b/jesper_johansson/archive/2005/10/13/410470.aspx

As far as SQL....I'll let the SQL guys handle that.  Linked server and ADO.net are two ways...I'm by no means an expert there

Thanks

Mike
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33688510
You won't be able to get the passwords if you mount the database using dsamain...talk about a security risk :)

by the way that article is wrong it is dsamain not dsamin.

thanks

Mike
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:bnrtech
ID: 33688590
mkline71

Thanks once again for the good info. I think what would apply to us the best is when you mentioned acctinfo.dll to add a tab in ADUC  http://www.computerperformance.co.uk/w2k3/utilities/acctinfo.htm

I went to this hyperlink and followed the instructions to download and register acctinfo.dll. However when I go to register it I get the error noted in the attached image.

Any ideas?

acctinfo.jpg
0
 

Author Comment

by:bnrtech
ID: 33688603
From a command line I have tried to run regsvr32 acctinfo and regsvr32 acctinfo.dll

Maybe I should be doing something different since my server is a 64bit setup?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33688648
damn,  yeah it won't work on x32....and version 2 is not available publicly  via the Microsoft site  http://www.open-a-socket.com/index.php/2010/04/27/64-bit-version-of-acctinfo2dll/

but Tony did put up the x64 version   http://www.open-a-socket.com/index.php/2010/04/27/64-bit-version-of-acctinfo2dll/

I haven't downloaded that yet but I'm going to load it in my 2008 R2 lab this weekend (forgot to do it)

Thanks

Mike
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33697782
ok just tested that acctinfo2 on my 2008R2 test DC and it works.  Make sure to follow the directions in the word document that comes with it.  You have to register it but also have to make a change using adsiedit.msc

See screenshot from my lab box

Thanks

Mike
acctinfo2-tab.PNG
0
 

Author Comment

by:bnrtech
ID: 33810833
going to this site next week and will update ths question
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34689999
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question