Ryan,
If you're asking this because you're doing a
security/password strength analysis sweep, you can use a couple of different
tools to do this (all of which will rely on administrative privileges to
AD). Tools like PWDUMP2 have been updated to pull password hashes from the
active directory, which can then be used with tools like LC4 and John the Ripper
to do the actual dictionary attacks.
pwdump2
John the Ripper
LC4
samdump
Hope this helps,
Richard
From: Robbie Allen
Sent: Tuesday, August 05, 2003 10:27 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Password LookupI don't believe MS does, but there are a few scripts/tools on the net that can be used to do it. Have you enabled password complexity, which prevents the use of dictionary passwords? Do you have account lockout enabled? It is much harder (i.e. time consuming) to perform dictionary attacks against AD if account lockout is turned on.Robbie Allen-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 10:15 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Password Lookup
Does anyone know if Microsoft provides provisions for doing dictionary lookups on passwords?
Thanks!
Ryan McDonald
Systems Administrator
The Bankers Bank