Cross-Forest Duplicate Password Discovery

March 24, 2020 | Michael Grafnetter

The Test-PasswordQuality cmdlet now supports cross-domain and cross-forest duplicate password discovery and offline password hash comparison against HaveIBeenPwned:

The output of the previous script might look like this (with some parts omitted):

The example above uses the MS-DRSR protocol. Similar results can be achieved by using the Get-ADDBAccount cmdlet to read account information directly from a ntds.dit file.


Leave a Reply

Your email address will not be published.