Re: Export Passwords from AD



I'm not saying it is the correct solution. It isn't! I'm just saying it is not impossible and it is considered hacking. If you want to sync passwords between multiple sources, then use something like MS ILM 2007 FP1 and PCNS ("Password Change Notification Service").

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------

"Michael Ströder" <michael@xxxxxxxxxxxx> wrote in message news:l5q046-j01.ln1@xxxxxxxxxxxxxxxxxxx
Irwin Fletcher wrote:
And I'm still wondering if MIIS and / or ILM can export password hashes
or clear text passwords from an AD?

As I already wrote: Something like this is done via password change
interception. I don't know of any AD sync implementation which does it
differently. Extracting NT hashes and conducting dictionary attacks does
not scale well.

So if you implement something like this you have to set all passwords to
expired for enforcing a password change for all users. Or you could do
this one-by-one for users who want to use the Google account.

But I'd strongly recommend not to sync the local AD passwords to Google
anyway.

Ciao, Michael.
