blocks|key|1010983|text|很简单，你不能。密码并不是存储在几乎所有的身份验证系统中。取而代之的是，它们被转换成一个“散列”，然后存储起来。然后，当您想要证明您知道密码时，您可以使用相同的算法将您键入的密码转换为散列，并将其与存储的数据进行比较。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1010984|一些使用公钥/私钥来执行散列，一些使用替代算法。它们都不能将哈希值“反转换”回原来的密码。|1010985|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

Simple, you cannot. Passwords are not stored in nearly all authentication systems. Instead, they are converted into a 'hash' that is stored instead. Then, when you want to prove that you know the password, you convert the password you type into a hash using the same algorithm and compare that to the stored data. 

Some use public/private keys to perform the hashing, some use alternative algorithms. None of them can "un-convert" the hash back into the original password.

blocks|key|1010964|text|管理员无权访问用户密码，只能更改用户密码。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1010965|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

Administrators do not have access to users passwords, only the ability to change them.

blocks|key|3135051|text|您需要拥有对域控制器的管理访问权限才能获得哈希。然后，您将需要使用散列破解器，例如Cain，以查看是否可以恢复密码。如果密码不简单，这可能需要几天或几年的时间。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3135052|请注意，这在大多数情况下是非法的，通常是重置密码而不是恢复密码。|3135053|entityMap|0|LINK|mutability|MUTABLE|url|http://www.oxid.it/cain.html^0|15|4|0|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]]|C|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@]|C|$]]|$1|F|3|-4|5|6|7|S|8|@]|9|@]|C|$]]]|G|$H|$5|I|J|K|C|$L|M]]]]

You'll need administrative access to a domain controller to get the hashes. You'll then need to use a hash cracker, such as <a href="http://www.oxid.it/cain.html" rel="nofollow noreferrer">Cain</a>, to see if you can recover the passwords. If the password is not simple, this could take days or years.

Note that this is illegal in most situations, and it's usual to reset passwords rather than recover them.

blocks|key|819030|text|您无法获取存储在Active+Directory中的密码，因为它们存储为哈希。您可以在Active+Directory中了解密码的唯一时间是在设置密码时，但为此您需要设置密码筛选器，并且要将密码筛选器设置到位，您必须是域控制器上的管理员。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|819031|您也不能更改用户的密码，因为更改密码需要知道用户的现有密码。您只能重置用户的密码，但为此，您需要对该用户帐户具有重置密码权限。|819032|重置用户密码是一项通常委派给初级管理员的管理任务，在大多数情况下，委派的管理员可以重置用户帐户密码。|819033|如果感兴趣，这里有关于更改Active+Directory用户帐户密码和重置Active+Directory用户帐户密码之间的区别的很好的讨论：|819034|http://www.activedirsec.org/t43140076/what-is-the-difference-between-the-change-password-and-reset/|offset|length|819035|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|0|0|0|2R|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|T|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|U|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|V|8|@]|9|@]|A|$]]|$1|H|3|I|5|6|7|W|8|@]|9|@$J|X|K|Y|1|Z]]|A|$]]|$1|L|3|-4|5|6|7|10|8|@]|9|@]|A|$]]]|M|$N|$5|O|P|Q|A|$R|I]]]]

You cannot get the password stored in Active Directory because they are stored as hashes. The only time you can learn of a password in Active Directory is when it is being set, but for that you need a password filter in place, and to put the paassword filter in place, you have to be an admin on a Domain Controller.

You can also not change a user's password because changing a password requires that you know the user's existing password. You can only reset a user's password, but for that you need to have Reset Password rights on the user account.

Resetting a user's password is an administrative task that is often delegated to junior administrators, and in most cases delegated admins can reset user account passwords.

If interested, there is a good discussion about the difference between changing an Active Directory user account password and resetting an Active Directory user account password here:

<a href="http://www.activedirsec.org/t43140076/what-is-the-difference-between-the-change-password-and-reset/" rel="nofollow">http://www.activedirsec.org/t43140076/what-is-the-difference-between-the-change-password-and-reset/</a>

blocks|key|3135180|text|默认情况下，active+directory配置为使用哈希算法来存储用户密码。但是，您可以覆盖该默认设置，转而使用对称(可逆)加密。这确实允许通过可用的标准API检索密码。使用AD进行对称加密的Here's+a+link。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3135181|此外，正如另一个帖子提到的那样，您可以利用密码过滤器来捕获密码更改以及用户更改新密码时的新密码。除此之外，还必须重置密码。哈希不是用来破坏或恢复的，这才是关键所在。|3135182|entityMap|0|LINK|mutability|MUTABLE|url|http://technet.microsoft.com/en-us/library/cc784581%2528WS.10%2529.aspx^0|2P|D|0|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]]|C|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@]|C|$]]|$1|F|3|-4|5|6|7|S|8|@]|9|@]|C|$]]]|G|$H|$5|I|J|K|C|$L|M]]]]

By default active directory is configured to utilize a hashed algorithm to store user passwords. You can however override that default and utilize symmetric (reversible) encryption instead. This does allow for the password to be retrieved via the standard APIs available. <a href="http://technet.microsoft.com/en-us/library/cc784581%28WS.10%29.aspx" rel="nofollow">Here's a link</a> on symmetric encryption with AD.

In addition, as another poster mentioned you can utilize a password filter to capture password changes and the new passwords when users change them. Other than that passwords must be reset. Hashes are not meant to be broken or recovered, thats the whole point.

blocks|key|818913|text|通过受支持的应用编程接口，您不能从Active+Directory读取密码，但您可以在通过实现Password+Filter设置密码的时间点获得密码。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|818914|entityMap|0|LINK|mutability|MUTABLE|url|http://msdn.microsoft.com/en-us/library/ms721882%2528v=vs.85%2529.aspx^0|1B|F|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

Programmatically through supported API's you can't read the passwords from Active Directory but you can get to the passwords at the point in time when they are set by implementing a <a href="http://msdn.microsoft.com/en-us/library/ms721882%28v=vs.85%29.aspx" rel="nofollow">Password Filter</a>.

blocks|key|3134995|text|考虑到这是一个密码，我非常怀疑这是否可能。但是你可能会更幸运地在ServerFault中问到这个问题|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3134996|我不确定你是否能够访问，但一旦它超过测试版，你就可以注册了。|3134997|entityMap|0|LINK|mutability|MUTABLE|url|https://serverfault.com/^0|W|B|0|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]]|C|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@]|C|$]]|$1|F|3|-4|5|6|7|S|8|@]|9|@]|C|$]]]|G|$H|$5|I|J|K|C|$L|M]]]]

I doubt very much if this is possible considering it is a password. But you might have better luck asking this in <a href="https://serverfault.com/">ServerFault</a>?

I'm not sure if you will be able to get access, but once its out of beta you'll be able to register.

How can i get the password for a user from Active Directory

Active Directory

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云AI代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

功能1上新10个字符

功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符。

功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符。

功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符

功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符

功能4上新

文章&问答评论现已支持表情

全新交互，全新视觉，新增快捷键、悬浮工具栏、高亮块等功能并同时优化现有功能，全面提升创作效率和体验

社区富文本编辑器全新改版！诚邀体验～ 

精选全网热门MCP server，让你的AI更好用 🚀

💥开发者 MCP广场重磅上线！

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

如何从Active Directory获取用户的密码

问Active Directory
EN

回答 7

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问Active DirectoryEN

回答 7

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问Active Directory
EN