Obtaining the password of an active directory user

[Mario Rodriguez]

Hi people, Does anyone have some idea how to get the password of an active
directory user?

I tried using the DirectorySearcher object to find the user and the
DirectoryEntry.Password property to get the value, but always returns "null"
and I'm totally sure that the password is not null

thanks

 

[Ken Tucker [MVP]]

Mario,

You can not get someones password with code.

Ken

 

[Ray Cassick \(Home\)]

I am not 100% sure but I believe that the password is stored only after it
has been encrypted and the encryption is one way.

To validate a user it takes the password they enter in, encrypts it and then
compares the encrypted results to make sure they match.

This is why the only option an admin has for a person that forgot their
password it to rest it to something instead of telling the user what it is
currently set to.

 

[Paul Clement]

¤ Hi people, Does anyone have some idea how to get the password of an active
¤ directory user?
¤
¤ I tried using the DirectorySearcher object to find the user and the
¤ DirectoryEntry.Password property to get the value, but always returns "null"
¤ and I'm totally sure that the password is not null

The documentation is somewhat misleading. The Password property is used for validating user
credentials and not for retrieving a use's password from AD.


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)

 

[Mario Rodriguez]

My situation is the following:

1- I need to change the user password programatically, without the Active
Directory Snap-in (MMC)
2- The application is going to be used by an administrator that shouldn't
know the users passowords
3- I tried with setting the Password property of the DirectoryEntry object
and doesn't throws any exception, but never really change the password, so I
tried
with directoryEntry.Invoke("ChangePassword", new object[] {oldPwd,newPwd });

and works fine, but I have to give the current password

If someone can give any idea how to do that I'll thank you a lot

 

[Willy Denoyette [MVP]]

You should Invoke "SetPassword" to reset a password.

.....
directoryEntry.Invoke("SetPassword", new object[] {newPasswd});

Willy.

My situation is the following:

1- I need to change the user password programatically, without the Active
Directory Snap-in (MMC)
2- The application is going to be used by an administrator that shouldn't
know the users passowords
3- I tried with setting the Password property of the DirectoryEntry object
and doesn't throws any exception, but never really change the password, so
I
tried
with directoryEntry.Invoke("ChangePassword", new object[]
{oldPwd,newPwd });

and works fine, but I have to give the current password

If someone can give any idea how to do that I'll thank you a lot