asked on get a list of AD users who are using weak passwords for windows 2012R2 domain
is there any method to get a list of AD users who are using weak passwords for windows 2012R2 domain.
PowershellWindows OSWindows Server 2012Active DirectoryScripting Languages
Last Comment
Shaun Vermaak
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
technically there is no way to retrieve user passwords using a script or via GUI. actually there is no such an API or backdoor available from Windows at all.
as mentioned above by Alex, just simply apply complex password for each user via GPO.
as mentioned above by Alex, just simply apply complex password for each user via GPO.
Please don't close your questions so quickly...
I have written 3 articles on this. It is a very easy process with DSInternals
How to create an Intelligent Password Policy for Active Directory
https://www.experts-exchange.com/articles/33078/How-to-create-an-Intelligent-Password-Policy-for-Active-Directory.html
Password Synchronization from one Active Directory Domain to another using DSInternals
https://www.experts-exchange.com/articles/32998/Password-Synchronization-from-one-Active-Directory-Domain-to-another-using-DSInternals.html
How to extract hashes from IFM backup
https://www.experts-exchange.com/articles/29569/How-to-extract-hashes-from-IFM-backup.html
I have written 3 articles on this. It is a very easy process with DSInternals
How to create an Intelligent Password Policy for Active Directory
https://www.experts-exchange.com/articles/33078/How-to-create-an-Intelligent-Password-Policy-for-Active-Directory.html
Password Synchronization from one Active Directory Domain to another using DSInternals
https://www.experts-exchange.com/articles/32998/Password-Synchronization-from-one-Active-Directory-Domain-to-another-using-DSInternals.html
How to extract hashes from IFM backup
https://www.experts-exchange.com/articles/29569/How-to-extract-hashes-from-IFM-backup.html
You COULD obtain a copy of lophtcrack. This will attempt to try thousands of "common" passwords, and usually manages to guess a few in a large environment. Since this is CPU intensive, it is best run on a machine with a powerful CPU and graphics card.No need. Hashkiller has over 829.726 billion hashes available online
technically there is no way to retrieve user passwords using a script or via GUI. actually there is no such an API or backdoor available from Windows at all.There is to get password hash. It is the same as what is used when syncing password hashes to cloud providers. You don't even need DA rights, only directory sync rights
Don't be nice to your users, employ a complex password using group policy on your default domain policy and then run a script to force password change on next logon.Be nice to your users. Even Password1 is considered a complex 8 character password according to AD and Password1Password1 a complex 16 character password
There is to get password hash
whats the specific Windows API to get a password hascose?
i am thinking it could be backdoor for the system as it is possible to retrieve a user’s password after comparing the password hash with other hash codes agaisnt existing, known passwords.
whats the specific Windows API to get a password hascose?The same process Azure Active Directory Connect etc. uses when syncing password hashes. Read more on https://www.dsinternals.com/
It is opensource so go have a look https://github.com/MichaelGrafnetter/DSInternals
Sorry, https://www.dsinternals.com/
You COULD obtain a copy of lophtcrack. This will attempt to try thousands of "common" passwords, and usually manages to guess a few in a large environment. Since this is CPU intensive, it is best run on a machine with a powerful CPU and graphics card.
It is kinda expensive, but there is a 15 day demo if you just want to do a one-off audit. (Edited, demo version is 15 days, not 30)
http://www.l0phtcrack.com/