Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Recovering a password in Active Directory

Status
Not open for further replies.

ScottWIT

IS-IT--Management
May 22, 2007
145
US
I come from an environment where I stored the user passwords and knew all of them... now however I'm at a place where the users are creating their own passwords and I have no list of them. I need a way to find out various passwords at times for obvious reasons. What is the best way to go about doing that in AD instead of just resetting them?

 
I can't think of any "obvious" reasons to need to know someone's passwords. Can you explain further what these "obvious" reasons are?

Domain administrators can log-in and see anything on any device on the domain, so there really is no reason to need someone else's password.
 
Haha... I am getting the feeling you think I am not a Network Admin. I am, but I freely admit I'm still new (3 years into it) so I likely don't have all of the knowledge you do yet which is why I'm asking this question.

Here's an example... I started here 5 months ago and somebody today asked me the password for a login that was created before I got here. It's a login that tech support people will use on occasion. I didn't know it so how can I find out without resetting it?

 
you don't. Reset it if needed.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
ok, if that's the general thinking among most admins then i'm fine with that. the only risk is if i reset a password on a login that is still active then they will be locked out but having them call me is not the end of the world i suppose.

 
If it's a generic account that many people use, the user should be able to ask one of the other folks what the password is. Otherwise resetting it and communicating the new password to the group is the only thing I know.

Good luck,
 
i agree - the only time i use a user's account for troubleshooting is when they are present.

i make sure to tell people that i can't see their current password, but if necessary i can reset it.

i don't think it would be wise to be able to impersonate anyone on the network - there is a difference between acting as a user and having access to user resources...
 
As long as it is not an account used to start a service on a server, there should be no issues resetting the password.

--------------------------------------
"Insert funny comment in here!"
--------------------------------------
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top