How I record users password in DB inside AD

rg

Distinguished
Apr 14, 2004
96
0
18,630
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Dear Sir,

I need to record users's passwords on DB inside the AD or extract it from
the AD. every time the user resetting his/her password must be recorded in DB
or (even TXT file) to facilitate the addministraton , If this applicable and
how it can be done, what tools or scripting.

Thank You,
RG
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Why?

My basic response without understand why is , no you don't. This is horrible
security, actually it is almost a complete lack of security. The only person who
should know the password is the person who owns the account. It definitely
shouldn't be recorded somewhere else in clear text.

Admins do not need to have the password of users in order to admin.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


RG wrote:
> Dear Sir,
>
> I need to record users's passwords on DB inside the AD or extract it from
> the AD. every time the user resetting his/her password must be recorded in DB
> or (even TXT file) to facilitate the addministraton , If this applicable and
> how it can be done, what tools or scripting.
>
> Thank You,
> RG
 

rg

Distinguished
Apr 14, 2004
96
0
18,630
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

I am a system administrator and i need the passwords simulate user logon
status for any reported problems. which enable me to diagnose and do
modification and troubleshooting users profiles, archived thier mailboxes,
configuring printers, ....etc. and also i need to develop a registeration
system that record the password and resend it to users. that is why i need to
record passwords.

Thank You,
RG

"Joe Richards [MVP]" wrote:

> Why?
>
> My basic response without understand why is , no you don't. This is horrible
> security, actually it is almost a complete lack of security. The only person who
> should know the password is the person who owns the account. It definitely
> shouldn't be recorded somewhere else in clear text.
>
> Admins do not need to have the password of users in order to admin.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> RG wrote:
> > Dear Sir,
> >
> > I need to record users's passwords on DB inside the AD or extract it from
> > the AD. every time the user resetting his/her password must be recorded in DB
> > or (even TXT file) to facilitate the addministraton , If this applicable and
> > how it can be done, what tools or scripting.
> >
> > Thank You,
> > RG
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

I still don't agree you need it. I managed a Fortune 5 company with some 250,000
userids. I knew the passwords of my normal account and my admin account, period.
Mail admins have backend access to mailboxes, if you use Exchange there are tons
of ways of getting into a user's mailbox without the password.

Passwords shouldn't be resent to users, basically if they forget, they get their
password reset and the new temporary password is sent to them that they have to
change immediately.

If you still want to go this way, consider just setting the passwords for the
users and telling them what their password is, you have the same level of
security. The nice thing is that the users never forget that you have their
password.

From your standpoint, you don't want the passwords because if anything happens
to their account or seems to come from their account, you can always be under
suspicion. For instance say an employee sends an email to your boss saying he is
a moron and should be killed. They can easily say it wasn't them, but instead
you and you couldn't prove otherwise.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


RG wrote:
> I am a system administrator and i need the passwords simulate user logon
> status for any reported problems. which enable me to diagnose and do
> modification and troubleshooting users profiles, archived thier mailboxes,
> configuring printers, ....etc. and also i need to develop a registeration
> system that record the password and resend it to users. that is why i need to
> record passwords.
>
> Thank You,
> RG
>
> "Joe Richards [MVP]" wrote:
>
>
>>Why?
>>
>>My basic response without understand why is , no you don't. This is horrible
>>security, actually it is almost a complete lack of security. The only person who
>>should know the password is the person who owns the account. It definitely
>>shouldn't be recorded somewhere else in clear text.
>>
>>Admins do not need to have the password of users in order to admin.
>>
>> joe
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>RG wrote:
>>
>>>Dear Sir,
>>>
>>>I need to record users's passwords on DB inside the AD or extract it from
>>>the AD. every time the user resetting his/her password must be recorded in DB
>>>or (even TXT file) to facilitate the addministraton , If this applicable and
>>>how it can be done, what tools or scripting.
>>>
>>>Thank You,
>>>RG
>>