Re: Export Passwords from AD


Google does support SAML and I have gotten that to work. However there are several drawbacks to that method. Some are:
- Non-web based services (e.g. IMAP or POP access) at Google can't use SAML
- I have to write my own code to make SAML work on Server 2003 (I'm not opposed to doing this; it's just extra time to do it)
- I have to expose an otherwise unexposed web server in order to use SAML

The first drawback is really the show stopper.

I have seen stuff like this: http://acctsync.sourceforge.net that makes me think this is somehow possible (without "hacking" style "password extraction"). If nothing else, there is this password filter DLL: http://passwdhk.sourceforge.net.

And I'm still wondering if MIIS and/or ILM can export password hashes or clear text passwords from an AD?

Joe Kaplan wrote:
There is no supported way to do this or a public API that allows it, especially via LDAP. I'll leave the finer point as to whether it would be considered hacking alone as that is more of a judgement call. Michael's point is the most important one though. It probably won't help. To do what is required, you would probably need to reverse engineer the plaintext passwords and rehash them. There are also tools (probably also considered hacking) that can attempt to do this as well.

A much better solution would be to look into an SSO solution. Doesn't Google support the SAML protocol? Unfortunately I don't think they support WS-Federation, so ADFS would not work here. That's a shame.
