Migrating Active Directory Passwords

Welcome Forums General PowerShell Q&A Migrating Active Directory Passwords

This topic contains 2 replies, has 3 voices, and was last updated by

 
Participant
3 weeks, 6 days ago.

  • Author
    Posts
  • #179088

    Participant
    Topics: 50
    Replies: 51
    Points: 279
    Rank: Contributor

    Wondering if anyone has had any experience or knows of a beginning PS topic of research regarding Extracting/Migrating Active Directory password hashes.

    Summary:

    My company hosts a remote environment where a client can RDP / Citrix into our terminal server cluster to access their hosted application resources.   Often, these clients have their own local Active Directory Domain with their own set of passwords.  These clients frequently get confused where they believe they use their local AD account to try to authenticate to their remote hosted environment and not sure why they can't login.

    End game is that I would like to have something that will extract their hashed password on their local domain and automatically import that hash to their remote hosted environment so both accounts are always in sync.

    I have no desire to recover the original password, but just to move the hash from one AD structure to another.

    I have been reading about the unicodePwd password attribute, but not sure if  this is the correct starting point regarding this problem.

    https://social.technet.microsoft.com/Forums/ie/en-US/63e3cf2d-f186-418e-bc85-58bdc1861aae/view-password-hash-in-active-directory?forum=winserverfiles

     

     

     

     

     

  • #179121

    Participant
    Topics: 4
    Replies: 76
    Points: 91
    Helping Hand
    Rank: Member
  • #179130

    Participant
    Topics: 9
    Replies: 425
    Points: 691
    Helping Hand
    Rank: Major Contributor

    You can use MIM to sync user accounts from one AD domain to another (including passwords)

You must be logged in to reply to this topic.