Active Directory – Methods to See an Active Directory Password

active-directory hash password password-recovery password-reset

Before you jump to conclusions, let me explain. We have a password reset tool that is not working. For some reason when you use it, it resets your password to some unknown value (not what you changed it to, or what it was before). I have set up a test "user" in the appropriate OU, and I want to be able to see what the reset tool is changing the password to. That way maybe I can understand what's going on. Any help would be greatly appreciated.

Best Answer

AD passwords (just like Windows ones) are stored using non-reversible encryption, so the standard answer is a definite "NO".

There is a GPO setting that will tell AD (or any Windows system) to store passwords using reversible encryption, but there is no built-in tool to decrypt them (although there is some documentation floating around on how to do that). Of course, this is exactly as insecure as it looks.
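Because the reversible-encryption setting mentioned in the answer weakens password storage wherever it is enabled, it is worth checking whether it is already on anywhere in a domain. The following read-only audit is an added example, not part of the original answer; it assumes the ActiveDirectory PowerShell module (RSAT) and read access to the domain.

```powershell
# Added example: read-only audit of where reversible password storage is enabled.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

$findings = @()

# 1. Domain-wide password policy
#    ("Store passwords using reversible encryption").
$domainPolicy = Get-ADDefaultDomainPasswordPolicy
if ($domainPolicy.ReversibleEncryptionEnabled) {
    $findings += [pscustomobject]@{
        Scope  = 'DefaultDomainPolicy'
        Name   = $domainPolicy.DistinguishedName
        Detail = 'ReversibleEncryptionEnabled = True'
    }
}

# 2. Fine-grained password policies (PSOs), which override the domain policy
#    for the users and groups they apply to.
foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
    if ($pso.ReversibleEncryptionEnabled) {
        $findings += [pscustomobject]@{
            Scope  = 'FineGrainedPolicy'
            Name   = $pso.Name
            Detail = "Applies to: $($pso.AppliesTo -join '; ')"
        }
    }
}

# 3. Individual accounts with the per-user flag set
#    (userAccountControl bit 0x80, ENCRYPTED_TEXT_PWD_ALLOWED).
$uacFilter = '(userAccountControl:1.2.840.113556.1.4.803:=128)'
foreach ($user in Get-ADUser -LDAPFilter $uacFilter -Properties pwdLastSet) {
    $findings += [pscustomobject]@{
        Scope  = 'UserFlag'
        Name   = $user.SamAccountName
        Detail = "pwdLastSet (UTC): $([datetime]::FromFileTimeUtc($user.pwdLastSet))"
    }
}

# An empty table means the setting is not enabled at any of the three levels.
$findings | Sort-Object Scope, Name | Format-Table -AutoSize
```

The setting only affects passwords set after it was enabled, which is why `pwdLastSet` is reported for flagged accounts.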