Compair password in ActiveDirectory

Posted on 2014-08-13
Last Modified: 2014-08-18

I have a TXT file contaning users and passwords.

For example:

I would like to compair an users password in ActiveDirectory and the password in file. (match or not)

Is it possible (compair hash to the passwords in the file)

Thanks in advance

Question by:mikeydk
    LVL 23

    Expert Comment


    I really hope this isn't possible in any domain environment. You cannot extract password from AD as these are assigned to the user and this information can never be given to anyone else except the user itself. So no, it is not possible to do this.

    Why would you even want to do this?? To check and see if a guest account still has a correct password?
    LVL 10

    Expert Comment

    by:Prashant Girennavar
    You can't extract password from Active Directory to compare.

    Passwords in AD are stored in hashes , and there is no method to extract them to friendly name

    More is here


    -Prashant Girennavar.
    LVL 38

    Expert Comment

    Well, you actually can crack the passwords if you have access to the files (the link above describes this),  You can access the files easily if you are a domain admin.  I wouldn't provide any guidance on cracking all the passwords, but if you go through all that you can end up with a list of usernames and passwords, which you could then compare to your list.  But no, there is no "reveal password" function built in to AD.
    LVL 23

    Expert Comment

    Just my 2 cents but even if it would be possible (there must be some NSA guys listening in right??) would you ever in your right mind suggest an admin to do something like this?? I'm not quite sure about privacy regulations in the US but if you try to pull this of in the EU and the user finds out you will have one massive issue on your hands..

    I for one would never try to go that route..
    LVL 38

    Expert Comment

    No, I generally wouldn't recommend that an admin do this.  If there's any help for it, one user (whether an admin or not) should never know the password of another user.  The only semi-valid reason I'm aware of is a password-strength audit.
    LVL 52

    Accepted Solution

    Can be done simply by using the command
    net use x: \\domain\netlogon /user:username password
    if this succeeds (errorlevel is zero), the passwords match.
    So you could use a script to mass check those matches.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
    In this previous article (, we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now