Solved

Access the user details within AD

Posted on 2010-09-15
Last Modified: 2012-05-10
I just posted the following question and this response was very helpful...

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_26476787.html#a33688351

Now that I understand this info, I have follow-up questions related to the data within the AD files.

We have a group policy defined to remember the last 5 passwords that a user uses so they do not reuse it. Guessing password details are maintained in the AD data. Specifically stuff like date the password was last changed and history of the last 5 passwords.

Presuming this is the case...

(1) Is there a utility we could use to view the contents of the AD data file?

(2) Or how can we connect to NTDS.DIT via MS SQL?

0
Question by:bnrtech
10 Comments
 
LVL 7

Expert Comment

by:kumarnirmal
ID: 33688482
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33688499
Password last set you can get using a great tool like adfind by Joe Richards; see my example:

http://www.experts-exchange.com/Software/Office_Productivity/Office_Suites/MS_Office/Excel/Q_24302833.html

Other command-line tools like PowerShell, dstools, csvde and scripts with VBScript and other methods can also pull info/reports.

You could also use acctinfo.dll to add a tab in ADUC: http://www.computerperformance.co.uk/w2k3/utilities/acctinfo.htm


As far as extracting the actual passwords, that is not possible; the passwords are stored as a unicode pwd attribute: http://msdn.microsoft.com/en-us/library/ms680513(VS.85).aspx

Stored as a hash that can't be cracked; awesome blog by Jesper on that subject: http://blogs.technet.com/b/jesper_johansson/archive/2005/10/13/410470.aspx

As far as SQL... I'll let the SQL guys handle that. Linked server and ADO.NET are two ways... I'm by no means an expert there.

Thanks

Mike
0
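An added example, not part of the original thread: one way to turn the raw `pwdLastSet` value that tools such as csvde export into a readable password-age report. The account names, the FILETIME values, the 90-day threshold and the `Get-PasswordAge` function name are constructed for illustration; the csvde command in the comment is an assumed way to produce such a file.

```powershell
# Constructed sample standing in for a csvde export, e.g. (assumed invocation):
#   csvde -f users.csv -r "(&(objectCategory=person)(objectClass=user))" -l "sAMAccountName,pwdLastSet"
# csvde writes the DN as the first column; all names and values below are made up.
$csv = @'
DN,sAMAccountName,pwdLastSet
"CN=Alice Example,OU=Staff,DC=example,DC=local",alice,129250944000000000
"CN=Bob Example,OU=Staff,DC=example,DC=local",bob,129067776000000000
"CN=Carol Example,OU=Staff,DC=example,DC=local",carol,0
'@

function Get-PasswordAge {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [datetime] $AsOf = [datetime]::UtcNow,
        [int] $MaxAgeDays = 90      # assumed threshold, not a value from the thread
    )
    foreach ($row in $Rows) {
        # pwdLastSet is a Windows FILETIME: 100-ns intervals since 1601-01-01 UTC
        $raw = [int64]$row.pwdLastSet
        if ($raw -eq 0) {
            # 0 means the account must change its password at next logon
            $lastSet = $null; $age = $null; $status = 'MustChangeAtNextLogon'
        } else {
            $lastSet = [datetime]::FromFileTimeUtc($raw)
            $age     = [int][math]::Floor(($AsOf - $lastSet).TotalDays)
            $status  = if ($age -gt $MaxAgeDays) { 'Stale' } else { 'OK' }
        }
        New-Object PSObject -Property @{
            Account    = $row.sAMAccountName
            LastSetUtc = $lastSet
            AgeDays    = $age
            Status     = $status
        }
    }
}

# Fixed reference date so the constructed sample gives the same result on every run
Get-PasswordAge -Rows ($csv | ConvertFrom-Csv) -AsOf ([datetime]'2010-09-15') |
    Select-Object Account, LastSetUtc, AgeDays, Status |
    Format-Table -AutoSize
```

This reads only the timestamp of the last change; it does not touch the password hashes or the history entries.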
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33688510
You won't be able to get the passwords if you mount the database using dsamain... talk about a security risk :)

By the way, that article is wrong; it is dsamain, not dsamin.

thanks

Mike
0

 

Author Comment

by:bnrtech
ID: 33688590
mkline71

Thanks once again for the good info. I think what would apply to us the best is when you mentioned acctinfo.dll to add a tab in ADUC: http://www.computerperformance.co.uk/w2k3/utilities/acctinfo.htm

I went to this hyperlink and followed the instructions to download and register acctinfo.dll. However, when I go to register it I get the error noted in the attached image.

Any ideas?

acctinfo.jpg
0
 

Author Comment

by:bnrtech
ID: 33688603
From a command line I have tried to run regsvr32 acctinfo and regsvr32 acctinfo.dll

Maybe I should be doing something different since my server is a 64-bit setup?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33688648
Damn, yeah, it won't work on x32... and version 2 is not available publicly via the Microsoft site: http://www.open-a-socket.com/index.php/2010/04/27/64-bit-version-of-acctinfo2dll/

But Tony did put up the x64 version: http://www.open-a-socket.com/index.php/2010/04/27/64-bit-version-of-acctinfo2dll/

I haven't downloaded that yet but I'm going to load it in my 2008 R2 lab this weekend (forgot to do it).

Thanks

Mike
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33697782
OK, just tested that acctinfo2 on my 2008 R2 test DC and it works. Make sure to follow the directions in the Word document that comes with it. You have to register it but also have to make a change using adsiedit.msc.

See screenshot from my lab box.

Thanks

Mike
acctinfo2-tab.PNG
0
 

Author Comment

by:bnrtech
ID: 33810833
Going to this site next week and will update this question.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34689999
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
