siuf

Export Active Directory passwords?

Hello
Our security team asks me if it is possible to export the Active Directory password for a given user. It seems that we are victims of Far East hackers and they would like to understand how this happened. We are using Windows Server 2003 R2.

Pierrot
Krzysztof Pytko

Nope, this is not possible. You can use some hacker's tools to guess the password, but it is not very nice. By default it is not possible to export passwords in clear text.
siuf

ASKER

I do not want the passwords in clear text! I could have asked the question in another form: where does AD store the passwords? My task is to give the password of a user to the security team, not to crack that password.
All AD information is stored on the domain controller in the NTDS.DIT database. If you have enabled "Logon cache" on your workstations, then the actual password is stored in the user's profile in the NTUSER.DAT file.
siuf

ASKER

I have 2 ntds.dit files: one stored in c:\windows\system32 which is 6 MB big, dated Feb. 2007, and another one which is 532 MB big, dated today, stored in c:\windows\ntds. Which one is the good one? I suppose it's the bigger one.
Yes, the file located in c:\windows\ntds is the valid one.
siuf

ASKER

OK, thank you. Last question: I found in our GPO Default Domain Policy that we use "Store passwords using reversible encryption --> disabled". I understand this as "even if I can get the encrypted password, I will not be able to decrypt it". Right?
ASKER CERTIFIED SOLUTION
GMontag451

This solution is only available to members.
siuf

ASKER

Thank you, I finally got a dump file which I can send to the security team.