{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 The star\" 的问题《Active Directory [closed]》','https://www.manongdao.com/q-795141.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
How can i get the password for a user from Active Directory
相关问题
- How can I implement password recovery in an iPhone
- java client program to send digest authentication
- Active Directory on-prem Manager
- PHP persistent login - Do i reissue a cookie after
- How can I set the SVN password with Emacs 23.1 bui
相关文章
- getting user details from AD is slow
- TeamCity Username / password
- User.Identity.IsAuthenticated vs WebSecurity.IsAut
- SwiftUI - Vertical Centering Content inside Scroll
- Override UserManager in django
- Your application has authenticated using end user
- Access Token for Dockerhub
- Django: Creating a superuser with a custom User mo
Simple, you cannot. Passwords are not stored in nearly all authentication systems. Instead, they are converted into a 'hash' that is stored instead. Then, when you want to prove that you know the password, you convert the password you type into a hash using the same algorithm and compare that to the stored data.
Some use public/private keys to perform the hashing, some use alternative algorithms. None of them can "un-convert" the hash back into the original password.
Administrators do not have access to users passwords, only the ability to change them.
You cannot get the password stored in Active Directory because they are stored as hashes. The only time you can learn of a password in Active Directory is when it is being set, but for that you need a password filter in place, and to put the paassword filter in place, you have to be an admin on a Domain Controller.
You can also not change a user's password because changing a password requires that you know the user's existing password. You can only reset a user's password, but for that you need to have Reset Password rights on the user account.
Resetting a user's password is an administrative task that is often delegated to junior administrators, and in most cases delegated admins can reset user account passwords.
If interested, there is a good discussion about the difference between changing an Active Directory user account password and resetting an Active Directory user account password here:
http://www.activedirsec.org/t43140076/what-is-the-difference-between-the-change-password-and-reset/
You'll need administrative access to a domain controller to get the hashes. You'll then need to use a hash cracker, such as Cain, to see if you can recover the passwords. If the password is not simple, this could take days or years.
Note that this is illegal in most situations, and it's usual to reset passwords rather than recover them.
I doubt very much if this is possible considering it is a password. But you might have better luck asking this in ServerFault?
I'm not sure if you will be able to get access, but once its out of beta you'll be able to register.
Programmatically through supported API's you can't read the passwords from Active Directory but you can get to the passwords at the point in time when they are set by implementing a Password Filter.