Re: Password management on Windows Domain Controller

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 10/11/04


Date: Mon, 11 Oct 2004 21:28:33 +1000

In the Active Directory database.

How to prevent Windows from storing a LAN manager hash of your password in
Active Directory and local SAM databases:
http://support.microsoft.com/?id=299656

-- 
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"SysTray" <SysTray@discussions.microsoft.com> wrote in message
news:D7949E03-5A77-4B96-B75B-9E1A293D1699@microsoft.com...
> Hi Miha
>
> Where are domain users' hashes on domain controllers located? Do you have
> the exact location?
>
> Thaaaaanks
>
> Marcel
>
> "Miha Pihler" wrote:
>
> > Hi Leena,
> >
> > By default Windows will store passwords as LM Hash (as long as they are
> > longer than 14 characters) and NTLM hash. LM hashes are less secure and can
> > usually be cracked within two days or less if users use only a normal set of
> > characters (but it also depends on hardware where you crack)... This is not
> > only on domain controllers, but also on local computers from e.g. Windows NT
> > 4.0 forward...
> >
> > I usually use tools like LC5 from @Stake to retrieve domain users' hashes on
> > domain controller. For local user accounts that are stored in SAM database
> > you can use tools like PWDump2.
> >
> > Mike
> >
> > "Leena" <Leena@discussions.microsoft.com> wrote in message
> > news:BEA7ABE8-AFDE-4585-BE65-084B7192DF5A@microsoft.com...
> > > Hi All,
> > > Does anybody know where the domain user passwords are stored on a Windows
> > > Domain Controller?
> > > According to my investigation, on Windows systems instead of storing the
> > > passwords directly, password hashes (i.e. encrypted passwords) are stored on
> > > the system. I would like to know where they are stored in Active Directory and
> > > is it possible to retrieve them.
> > > I know that there are these three attributes in the Active Directory schema
> > > - userPassword, dbcsPwd and unicodePwd, which are used to store password
> > > related information. But I'm not sure how these attributes are used by the
> > > system and is it possible to retrieve their values.
> > >
> > > Any help on this would be appreciated.
> > > Leena
> > >
> >
> >
> >

