Link to home
Create AccountLog in
Avatar of Imal Upalakshitha
Imal UpalakshithaFlag for Sri Lanka

asked on

get a list of AD users who are using weak passwords for windows 2012R2 domain

is there any method to get a list of AD users who are using weak passwords for windows 2012R2 domain.
Avatar of Mal Osborne
Mal Osborne
Flag of Australia image

Not easily.

You COULD obtain a copy of lophtcrack. This will attempt to try thousands of "common" passwords, and usually manages to guess a few in a large environment. Since this is CPU intensive, it is best run on a machine with a  powerful CPU and graphics card.

It is kinda expensive, but there is a 15 day demo if you just want to do a one-off audit.  (Edited, demo version is 15 days, not 30)

http://www.l0phtcrack.com/
ASKER CERTIFIED SOLUTION
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
technically there is no way to retrieve user passwords using a script or via GUI. actually there is no such an API or backdoor available from Windows at all.

as mentioned above by Alex, just simply apply complex password for each user via GPO.
Please don't close your questions so quickly...

I have written 3 articles on this. It is a very easy process with DSInternals

How to create an Intelligent Password Policy for Active Directory
https://www.experts-exchange.com/articles/33078/How-to-create-an-Intelligent-Password-Policy-for-Active-Directory.html

Password Synchronization from one Active Directory Domain to another using DSInternals
https://www.experts-exchange.com/articles/32998/Password-Synchronization-from-one-Active-Directory-Domain-to-another-using-DSInternals.html

How to extract hashes from IFM backup
https://www.experts-exchange.com/articles/29569/How-to-extract-hashes-from-IFM-backup.html

You COULD obtain a copy of lophtcrack. This will attempt to try thousands of "common" passwords, and usually manages to guess a few in a large environment. Since this is CPU intensive, it is best run on a machine with a  powerful CPU and graphics card.
No need. Hashkiller has over 829.726 billion hashes available online

technically there is no way to retrieve user passwords using a script or via GUI. actually there is no such an API or backdoor available from Windows at all.
There is to get password hash. It is the same as what is used when syncing password hashes to cloud providers. You don't even need DA rights, only directory sync rights

Don't be nice to your users, employ a complex password using group policy on your default domain policy and then run a script to force password change on next logon.
Be nice to your users. Even Password1 is considered a complex 8 character password according to AD and Password1Password1 a complex 16 character password
There is to get password hash

whats the specific Windows API to get a password hascose?

i am thinking it could be backdoor for the system as it is possible to retrieve a user’s password after comparing the password hash with other hash codes agaisnt existing, known passwords.
whats the specific Windows API to get a password hascose?
The same process Azure Active Directory Connect etc. uses when syncing password hashes. Read more on https://www.dsinternals.com/
It is opensource so go have a look https://github.com/MichaelGrafnetter/DSInternals
thanks for the clarification.

but are you sure https://dsinternal.com is a workable URL?