Exchange 2016 - Getting Mailbox Passwords

Hi,
I'm pretty sure I know the answer to this already but I wanted to make sure.
As an Admin in Exchange, is there any simple or even not so simple way to get a users password by either using EMS or EMC? I don't think there is.

Thanks
Nacht
LVL 1
nachtmskAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnCommented:
You can't get a persons password from AD as the default encryption is not reversible.  

You used to be able to specify reversible encryption, but I never used it before.  I don't know if it is still available although I'd expect it is for backwards compatibility.  But it is a security weakness and should't be used without serious consideration of the pro's and cons.  

Trying to switch AD to reversible encryption won't allow you to get a password out.  I believe they'd all need to be reset to start using the reversible encryption.  Even if you did this, I don't know of a powershell cmdlet to reverse the encryption.  

In any case, the best approach to get a password out of AD would be to grab the hashes and use john the ripper or some other similar method.  


You COULD download rainbow tables and crack them that way, but it's a lot of work.

 
So the short answer is no you can't.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnCommented:
Sorry, forgot to mention (just in case you weren't aware) Exchange doesn't store passwords.  They are stored in Active Directory (AD), hence my answer referencing AD instead of Exchange.
0
nachtmskAuthor Commented:
Thanks John. That's what I thought. I was having a discussion with someone of dubious Exchange knowledge and they swore that one could easily extract a mailbox password.
0
nachtmskAuthor Commented:
Oh yeah, I know they are stored in AD. I should have said that as opposed to Exchange. Thanks!
0
JohnCommented:
No problemo :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.