Interesting What do you mean ? By enabling this feature on the DC all passwords hash will be available in a field I can query ?
If I have 200 domain controllers, I’ve to install it on each domain controller ? thks From: Joel Foote [mailto:[email protected]] Sent: Tuesday, May 13, 2014 1:17 PM To: DER-KRIKORIAN Anthony Cc: [email protected] Subject: Re: [lsc-users] Active Directory password hash sync You can actually install the services for unix and nis packages on the domain controllers. Once setup the hash will be saved in AD on all password changes. You can then expose it via NIS or LDAP (requires and admin account by default) to sync with openldap. On Tue, May 13, 2014 at 8:09 AM, DER-KRIKORIAN Anthony <[email protected]<mailto:[email protected]>> wrote: Hi lsc members I’ve a question concerning Active Directory password hash Is there a way to extract AD password hash (officially, without hack !) and to synchronize it in another directory for example ? I know Microsoft Azure DirSync is capable to do that ! I also know the old technique of Password Filter which requires you to install a component on each domain controller to get the password in Clear Text which I don’t like… Any help is appreciated Thks Anthony DER KRIKORIAN R&D Manager Gemalto Identity & Access Business Line Mobile : +1 512 998 9897<tel:%2B1%20512%20998%209897> Mail : [email protected]<mailto:[email protected]> ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected]<mailto:[email protected]> http://lists.lsc-project.org/listinfo/lsc-users ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
