Compair password in ActiveDirectory


I have a TXT file contaning users and passwords.

For example:

I would like to compair an users password in ActiveDirectory and the password in file. (match or not)

Is it possible (compair hash to the passwords in the file)

Thanks in advance

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


I really hope this isn't possible in any domain environment. You cannot extract password from AD as these are assigned to the user and this information can never be given to anyone else except the user itself. So no, it is not possible to do this.

Why would you even want to do this?? To check and see if a guest account still has a correct password?
Prashant GirennavarCommented:
You can't extract password from Active Directory to compare.

Passwords in AD are stored in hashes , and there is no method to extract them to friendly name

More is here


-Prashant Girennavar.
Well, you actually can crack the passwords if you have access to the files (the link above describes this),  You can access the files easily if you are a domain admin.  I wouldn't provide any guidance on cracking all the passwords, but if you go through all that you can end up with a list of usernames and passwords, which you could then compare to your list.  But no, there is no "reveal password" function built in to AD.
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

Just my 2 cents but even if it would be possible (there must be some NSA guys listening in right??) would you ever in your right mind suggest an admin to do something like this?? I'm not quite sure about privacy regulations in the US but if you try to pull this of in the EU and the user finds out you will have one massive issue on your hands..

I for one would never try to go that route..
No, I generally wouldn't recommend that an admin do this.  If there's any help for it, one user (whether an admin or not) should never know the password of another user.  The only semi-valid reason I'm aware of is a password-strength audit.
Can be done simply by using the command
net use x: \\domain\netlogon /user:username password
if this succeeds (errorlevel is zero), the passwords match.
So you could use a script to mass check those matches.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.