Any way to see an Active Directory password?

Solution 1:

AD passwords (just like Windows ones) are stored using non-reversible encryption, so the standard answer is a definite "NO".

There is a GPO setting that will tell AD (or any Windows system) to store passwords using reversible encryption, but there is no built-in tool to decrypt them (although there is some documentation floating around on how to do that). Of course, this is exactly as insecure as it looks.

Solution 2:

If you need to see the plain text of what it's setting it to, and you can't get the reset tool to spit that info out itself, then you have two options: enabling reversible encryption, or using a password filter.

With reversible encryption, you can get at the original password, but it's not a pleasant process.

With a password filter, you can dump out all password changes to text, but that's obviously not a good thing for security when it comes to your non-test users.

If you only need to see the hash to see if it was set correctly, though, then you can dump the hash database and compare.
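
Added example (not part of either answer above): a read-only audit for the two mechanisms the answers mention, reversible encryption and password filters, so that you can confirm neither is enabled where it should not be. It assumes the ActiveDirectory RSAT module is installed; the function names and the `$ExpectedPackages` baseline are hypothetical and should be adjusted to your environment.

```powershell
Import-Module ActiveDirectory

function Get-ReversibleEncryptionExposure {
    # Domain-wide policy: "Store passwords using reversible encryption"
    $domainPolicy = Get-ADDefaultDomainPasswordPolicy
    if ($domainPolicy.ReversibleEncryptionEnabled) {
        [pscustomobject]@{ Scope = 'DefaultDomainPolicy'; Name = $domainPolicy.DistinguishedName }
    }

    # Fine-grained password policies can enable it for a subset of users
    Get-ADFineGrainedPasswordPolicy -Filter * |
        Where-Object { $_.ReversibleEncryptionEnabled } |
        ForEach-Object { [pscustomobject]@{ Scope = 'FineGrainedPolicy'; Name = $_.Name } }

    # Per-account flag: userAccountControl bit 0x80 (ENCRYPTED_TEXT_PWD_ALLOWED),
    # matched with the LDAP bitwise-AND rule
    Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=128)' |
        ForEach-Object { [pscustomobject]@{ Scope = 'UserAccount'; Name = $_.SamAccountName } }
}

function Get-UnexpectedPasswordFilter {
    param(
        # Assumed baseline; replace with the packages you have approved
        [string[]]$ExpectedPackages = @('scecli', 'rassfm')
    )
    # Password filter DLLs are registered under this LSA value on each machine.
    # Run this on every domain controller, since the value is per-host.
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $registered = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages'

    $registered |
        Where-Object { $_ -and ($ExpectedPackages -notcontains $_) } |
        ForEach-Object { [pscustomobject]@{ Host = $env:COMPUTERNAME; Package = $_ } }
}

$reversible = @(Get-ReversibleEncryptionExposure)
$filters    = @(Get-UnexpectedPasswordFilter)

if ($reversible.Count -eq 0) { 'No reversible-encryption settings found.' } else { $reversible | Format-Table -AutoSize }
if ($filters.Count -eq 0)    { 'No unexpected password filters registered on this host.' } else { $filters | Format-Table -AutoSize }
```

Any row in the output is a place where plaintext-equivalent password material can be stored or intercepted and should be reviewed against your change records.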