Import-Module DSInternals
$pwd = ConvertTo-SecureString 'Pa$$W0rd' -AsPlainText -Force
# Calculate the NT and LM hashes
ConvertTo-NTHash $pwd
# Output: 92937945b518814341de3f726500d4ff
ConvertTo-LMHash $pwd
# Output: 727e3576618fa1754a3b108f3fa6cb6d
# Set AD account password hash using the SAMR protocol
Set-SamAccountPasswordHash -SamAccountName john -Domain ADATUM -NTHash '92937945b518814341de3f726500d4ff' -Server dc1.adatum.com
# Calculate the OrgId hash, that is sent to Azure Active Directory by DirSync
ConvertTo-OrgIdHash -NTHash '92937945b518814341de3f726500d4ff'
# Output: v1;PPH1_MD4,f76bc776428002f87f4b,100,0ab46c4a6351db87cc13323bb01eea073c90a52e376fffca559e57fbb19a441a;
# Decrypt a password from Group Policy Preferences
ConvertFrom-GPPrefPassword 'v9NWtCCOKEUHkZBxakMd6HLzo4+DzuizXP83EaImqF8'
# Output: Pa$$w0rd
# Decrypt a password from an unattend.xml file
ConvertFrom-UnattendXmlPassword 'UABhACQAJAB3ADAAcgBkAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA=='
# Output: Pa$$w0rd