合法管理员如何在ActiveDirectory中获取用户密码? [英] How does a legitmate administrator get a user's password in ActiveDirectory?
本文介绍了合法管理员如何在ActiveDirectory中获取用户密码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
如果密码以可逆加密存储在Active Directory中,那么管理员/开发人员如何提取和解密该密码?
If a password is stored with reversable encryption in Active Directory, how does an administrator/developer extract and decrypt this password?
具体地说,我指的是此设置.
Specifically, I'm referring to this setting.
推荐答案
尽管Dirk的回答是正确的,但是RevDump工具仅适用于Windows Server 2003,因为Windows的较新版本将可逆加密的密码存储在工具 +.
Although Dirk's answer is correct, the RevDump tool only works on Windows Server 2003, as newer versions of Windows store the reversibly encrypted passwords in a different way. Therefore I have created a new tool that supports Windows Server 2008+.
最简单的用法示例:
Get-ADReplAccount -SamAccountName April -Domain Adatum -Server LON-DC1
样本输出(部分):
DistinguishedName: CN=April Reagan,OU=IT,DC=Adatum,DC=com
Sid: S-1-5-21-3180365339-800773672-3767752645-1375
SamAccountName: April
SamAccountType: User
NTHash: 92937945b518814341de3f726500d4ff
SupplementalCredentials:
ClearText: Pa$$w0rd
这篇关于合法管理员如何在ActiveDirectory中获取用户密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文