Finding Weak Active Directory Passwords

January 11, 2017 | Michael Grafnetter

I recently worked with Thycotic to create a program called Weak Password Finder for Active Directory. The goal was to develop a tool that would be very easy to use yet powerful enough to yield actionable results. I think that this combination really makes it unique in the market. It basically does the same thing as my PowerShell module, but with a nice and shiny user interface:

It generates reports which are suitable for management:


Of course, you can also drill down through the detailed data:

Here is a quick demo of the tool:

Did I mention that the Weak Password Finder is totally FREE?

3 comments on “Finding Weak Active Directory Passwords”

  1. Andres says:

    I love the tool, is there no option to use it offline? With the ntds.dit and SYSTEM files extracted from a DC. That’d be really cool.

  2. Nice post. The password policy within Active Directory enforces password length, complexity, and history. This does not in any way control what the password is, just how long it is and what characters are inside of it. Many people will use easily guessable passwords like Summer2018 or Password!@# because they technically meet the standards but are easy for them to remember.
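The point made in the comment above, as an added example that is not part of the original post, the comments, or the Weak Password Finder tool: a Python sketch that approximates the Active Directory complexity rule and then applies a separate predictability check, showing that `Summer2018` and `Password!@#` pass the first and fail the second. The function names, the `min_length=7` default and the short word list are assumptions made for illustration.

```python
import re

# Delimiters used to split displayName into tokens for the name check.
_NAME_DELIMS = re.compile(r"[,.\-_ #\t]+")
# Common character substitutions, undone before the dictionary lookup.
_LEET = str.maketrans("@4$5013!7", "aassoieit")
# Constructed sample list; a real audit would use a much larger dictionary.
COMMON_STEMS = {"password", "welcome", "qwerty", "letmein", "changeme",
                "spring", "summer", "autumn", "winter"}

def meets_ad_complexity(password, sam_account_name="", display_name="", min_length=7):
    """Approximation of the 'Password must meet complexity requirements' rule."""
    if len(password) < min_length:
        return False
    lowered = password.lower()
    # The account name is compared as a whole, and only if it has 3+ characters.
    if len(sam_account_name) >= 3 and sam_account_name.lower() in lowered:
        return False
    # displayName tokens of 3+ characters must not appear in the password.
    if any(len(t) >= 3 and t.lower() in lowered for t in _NAME_DELIMS.split(display_name)):
        return False
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
        any(c.isalpha() and not c.isupper() and not c.islower() for c in password),
    ]
    return sum(categories) >= 3  # three of the five character categories

def guessable_reason(password, extra_stems=()):
    """Return why a password is predictable, or None if no rule matched."""
    stem = re.sub(r"[\d\W_]+$", "", password)  # drop trailing digits/symbols
    suffix = password[len(stem):]
    word = stem.lower().translate(_LEET)
    if word not in COMMON_STEMS | {s.lower() for s in extra_stems}:
        return None
    kind = "year" if re.fullmatch(r"(19|20)\d\d\W*", suffix) else "short suffix"
    return f"common word '{word}' + {kind}"

def policy_compliant_but_weak(candidates):
    """Passwords that satisfy the complexity rule yet match a guessable pattern."""
    return {p: guessable_reason(p) for p in candidates
            if meets_ad_complexity(p) and guessable_reason(p)}
```

Passing organisation-specific words through `extra_stems` (for example a company name) extends the predictability check without touching the policy check.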
