We help IT Professionals succeed at work.

Exchange 2016 - Getting Mailbox Passwords

nachtmsk asked
I'm pretty sure I know the answer to this already but I wanted to make sure.
As an Admin in Exchange, is there any simple or even not so simple way to get a users password by either using EMS or EMC? I don't think there is.

Watch Question

You can't get a persons password from AD as the default encryption is not reversible.  

You used to be able to specify reversible encryption, but I never used it before.  I don't know if it is still available although I'd expect it is for backwards compatibility.  But it is a security weakness and should't be used without serious consideration of the pro's and cons.  

Trying to switch AD to reversible encryption won't allow you to get a password out.  I believe they'd all need to be reset to start using the reversible encryption.  Even if you did this, I don't know of a powershell cmdlet to reverse the encryption.  

In any case, the best approach to get a password out of AD would be to grab the hashes and use john the ripper or some other similar method.  

You COULD download rainbow tables and crack them that way, but it's a lot of work.

So the short answer is no you can't.

Sorry, forgot to mention (just in case you weren't aware) Exchange doesn't store passwords.  They are stored in Active Directory (AD), hence my answer referencing AD instead of Exchange.


Thanks John. That's what I thought. I was having a discussion with someone of dubious Exchange knowledge and they swore that one could easily extract a mailbox password.


Oh yeah, I know they are stored in AD. I should have said that as opposed to Exchange. Thanks!

No problemo :-)