Is there a way I can audit AD to check for a particular password?
We used to use a "standard" password for all new users (e.g. MyPa55word). I want to make sure this is no longer in use anywhere on our estate.
The only way I could think how to do this would be to either a) audit the directory somehow for any users with this password or b) set up a GP that specifically disallowed this password (ideally this would then prompt users to reset their password.)
Anyone have any tips on how I can approach this?
Ta,
Ben
Best Answer
Here are a couple of ideas-- neither of them really very good (from the perspective that they might set off anti-virus or intrusion detection alarms):
You can dump the password hashes out of Active Directory and run a password cracker on them. Cain and Abel can do the cracking for you. You can get the hashes out with fgdump. Beware-- both of these utilities will probably set off alarm bells in your antivirus software.
You could write a simple script to iterate over the output of a user list, checking for valid passwords using the "NET USE" command. Use something like this:
Put the userlist into "userlist.txt" (one username per line), set the variables at the top of the script to refer to a path the user should be able to "map" a "drive" to, and make sure that the PC you're running it on doesn't have any other "drives" "mapped" to the destination server (since a Windows PC only allows one set of credentials to be used for SMB client connections to a given server at a time).
Like I said-- either method is probably not a great idea. >smile<