Set Active Directory password hash to SHA1?

I synchronize users from an external system to ours. I need to set a user password in our Active Directory.

I get only SHA1 passwords of external users, and there setPassword will be a hash no matter what I enter.

  • Does the user set the unicodePwd actual hash field?
    • If so, can I just set it to the provided hash?
    • If not, how / can I set the hash stored in Active Directory?
+5
3 answers

, unicodePwd . userPasswd, , , Active-Directory.

0

, , , . / AD, :

100% , LDAP , , - .

0

AD . , DC , , MD4, MD5, PBKDF2 (4096 * SHA1) . , (NTLM, Kerberos, Digest,...) -, AD .

AD: unicodePwd, dBCSPwd, lmPwdHistory, ntPwdHistory Credentials. LDAP ADSI. PowerShell, :

Get-ADReplAccount -SamAccountName John -Domain Contoso -Server LON-DC1

MD4 ( AKA NT) ​​ AD SAMR. , , PowerShell.

NT, PowerShell:

$hash = ConvertTo-NTHash (Read-Host -AsSecureString)

, , NT AD:

Set-SamAccountPasswordHash -SamAccountName john -Domain ADATUM -NTHash $hash -Server dc1.adatum.com

These commands can be used to transfer passwords between local and domain accounts or between AD and Samba. But be careful, Kerberos-AES and WDigest authentication will not work with this account, only NTLM and Kerberos-RC4.

0
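The cmdlets in the answer above (Get-ADReplAccount, ConvertTo-NTHash, Set-SamAccountPasswordHash) come from the DSInternals PowerShell module, and the "NT hash" they pass around is MD4 over the UTF-16LE encoding of the password. The following is an added example, not code from the question, any answer or DSInternals: it implements MD4 in pure Python (hashlib's md4 is a "legacy" OpenSSL algorithm and is missing on many hosts), derives the NT hash the way AD stores it in unicodePwd, and then models the asker's situation with an assumed record shape (a dict carrying either a cleartext "password" or only a "sha1" digest) to make concrete why a SHA-1 digest from another system cannot be migrated into the hash AD keeps: one one-way digest cannot be turned into a different one, so the password itself has to be captured (at next login) or reset.

```python
# Added example (not part of the original Q&A): what the "NT hash" consumed by
# Set-SamAccountPasswordHash is, and why a SHA-1 digest cannot become one.
#
# AD stores the NT hash in unicodePwd as MD4 over the UTF-16LE password.
# MD4 is implemented here in pure Python because OpenSSL 3 ships it only as a
# "legacy" algorithm and hashlib.new("md4") fails on many hosts.
import struct
from typing import Optional

_MASK32 = 0xFFFFFFFF


def _rol(x: int, s: int) -> int:
    """32-bit left rotate."""
    return ((x << s) | (x >> (32 - s))) & _MASK32


def _md4_round(state, words, func, order, shifts, const):
    """One of the three MD4 rounds: 16 steps, each rotating the (a, b, c, d) roles."""
    a, b, c, d = state
    for i, k in enumerate(order):
        a = _rol((a + func(b, c, d) + words[k] + const) & _MASK32, shifts[i % 4])
        a, b, c, d = d, a, b, c
    return a, b, c, d


def md4(data: bytes) -> bytes:
    """MD4 digest (RFC 1320) of an arbitrary byte string."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    bit_len = (len(data) * 8) & 0xFFFFFFFFFFFFFFFF
    # Padding: 0x80, zeros up to 56 mod 64, then the 64-bit little-endian bit length.
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bit_len)
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(data), 64):
        words = struct.unpack("<16I", data[off:off + 64])
        st = (a, b, c, d)
        st = _md4_round(st, words, f, range(16), (3, 7, 11, 19), 0)
        st = _md4_round(st, words, g,
                        (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15),
                        (3, 5, 9, 13), 0x5A827999)
        st = _md4_round(st, words, h,
                        (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15),
                        (3, 9, 11, 15), 0x6ED9EBA1)
        a, b, c, d = ((x + y) & _MASK32 for x, y in zip((a, b, c, d), st))
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """NT hash as AD stores it in unicodePwd: MD4 over the UTF-16LE password, hex-encoded."""
    return md4(password.encode("utf-16-le")).hex()


def nt_hash_from_external(record: dict) -> Optional[str]:
    """Model the migration question above (record shape is an assumption of this example).

    A record from the external system carries either the cleartext password
    (captured at the user's next login, for instance) or only a SHA-1 digest.
    The NT hash can be derived from the former; from the latter there is
    nothing to compute, so the caller must fall back to a password reset.
    """
    if "password" in record:
        return nt_hash(record["password"])
    return None  # only a SHA-1 digest: no NT hash can be produced from it


if __name__ == "__main__":
    # Constructed sample records, not real user data.
    print(nt_hash("password"))  # 8846f7eaee8fb117ad06bdd830b7586c
    print(nt_hash_from_external({"sha1": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"}))  # None
```

The second call returns None for exactly the case the question describes: the external system hands over a SHA-1 digest, and there is no computation that maps it onto the MD4-based value AD expects, so a sync job has to obtain the password itself or trigger a reset. The answer's caveat still applies after a successful NT-hash write: only the NT hash is set, so the Kerberos AES keys and the WDigest (MD5) form the DC would normally derive from the password are absent.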
