[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 229
  • Last Modified:

Compair password in ActiveDirectory


I have a TXT file contaning users and passwords.

For example:

I would like to compair an users password in ActiveDirectory and the password in file. (match or not)

Is it possible (compair hash to the passwords in the file)

Thanks in advance

1 Solution

I really hope this isn't possible in any domain environment. You cannot extract password from AD as these are assigned to the user and this information can never be given to anyone else except the user itself. So no, it is not possible to do this.

Why would you even want to do this?? To check and see if a guest account still has a correct password?
Prashant GirennavarCommented:
You can't extract password from Active Directory to compare.

Passwords in AD are stored in hashes , and there is no method to extract them to friendly name

More is here


-Prashant Girennavar.
Well, you actually can crack the passwords if you have access to the files (the link above describes this),  You can access the files easily if you are a domain admin.  I wouldn't provide any guidance on cracking all the passwords, but if you go through all that you can end up with a list of usernames and passwords, which you could then compare to your list.  But no, there is no "reveal password" function built in to AD.
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Just my 2 cents but even if it would be possible (there must be some NSA guys listening in right??) would you ever in your right mind suggest an admin to do something like this?? I'm not quite sure about privacy regulations in the US but if you try to pull this of in the EU and the user finds out you will have one massive issue on your hands..

I for one would never try to go that route..
No, I generally wouldn't recommend that an admin do this.  If there's any help for it, one user (whether an admin or not) should never know the password of another user.  The only semi-valid reason I'm aware of is a password-strength audit.
Can be done simply by using the command
net use x: \\domain\netlogon /user:username password
if this succeeds (errorlevel is zero), the passwords match.
So you could use a script to mass check those matches.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now