Get Active Directory users with pwned passwords using PowerShell
The PowerShell script given below reports whether the password you provide has previously been exposed in a breach. ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, integrates with the 'Have I Been Pwned?' service to tell users when the new password they enter during a password reset or change has been breached before. Here is a comparison of how to check whether a password has been breached using PowerShell and using ADSelfService Plus.
With PowerShell
Install-Script -Name Get-PwnedPassword
Once the package has been installed, run this script to determine if the password you provide has been breached or not.
Get-PwnedPassword <enter the password>
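How a breached-password check can query the Have I Been Pwned service without sending the password itself, shown as an added example that is not the Get-PwnedPassword script's code or part of the original page. It assumes the public Pwned Passwords range endpoint at api.pwnedpasswords.com; the function names are hypothetical and the sample response is constructed.

```powershell
# Added example: k-anonymity lookup. Only the first 5 hex characters of the
# password's SHA-1 hash leave the machine; the match is done locally.

function Get-Sha1Hex {
    param([Parameter(Mandatory)][string]$Text)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $bytes = $sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
    } finally { $sha1.Dispose() }
    return -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

function Find-PwnedCount {
    # $RangeBody: text returned for a 5-character prefix, one "SUFFIX:COUNT" per line.
    param([Parameter(Mandatory)][string]$Sha1Hex,
          [Parameter(Mandatory)][string]$RangeBody)
    $suffix = $Sha1Hex.Substring(5)
    foreach ($line in $RangeBody -split "`r?`n") {
        $parts = $line.Trim() -split ':'
        if ($parts.Count -eq 2 -and $parts[0] -eq $suffix) { return [int]$parts[1] }
    }
    return 0   # suffix not listed: not found in the breach corpus
}

function Test-PwnedPassword {
    # Takes a SecureString so the password is prompted for, not typed as an argument.
    param([Parameter(Mandatory)][System.Security.SecureString]$Password)
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $hash  = Get-Sha1Hex -Text $plain
    $uri   = 'https://api.pwnedpasswords.com/range/' + $hash.Substring(0, 5)
    # Add-Padding asks the service to pad responses so their size reveals less.
    $body  = Invoke-RestMethod -Uri $uri -Headers @{ 'Add-Padding' = 'true' }
    return Find-PwnedCount -Sha1Hex $hash -RangeBody $body
}

# Offline demonstration with a constructed response body (counts are made up).
$hash   = Get-Sha1Hex -Text 'password'
$sample = "0018A45C4D1DEF81644B54AB7F969B88D65:3`r`n" + $hash.Substring(5) + ":42`r`n"
Find-PwnedCount -Sha1Hex $hash -RangeBody $sample

# Live check: Read-Host -AsSecureString keeps the password out of the
# PSReadLine command history, unlike a password passed on the command line.
# Test-PwnedPassword -Password (Read-Host 'Password' -AsSecureString)
```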
With ADSelfService Plus
- Go to Admin > Product Settings > Integration Settings.
- In the Integration Settings section, click Have I Been Pwned, and then click Enable HaveIBeenPwned Integration.
- Once this integration is successful, whenever a user resets or changes their password in ADSelfService Plus, an error message will pop up if the new password they provide has been breached.
- Quick configuration:
The Have I Been Pwned? integration with ADSelfService Plus can be enabled with minimal steps.
- Password Policy Enforcer:
Another ADSelfService Plus feature that prevents users from creating weak passwords that are vulnerable to hacks is the Password Policy Enforcer. With this feature, administrators can create a custom password policy containing rules to blacklist breached passwords, prevent common patterns, and more to ensure that users create strong passwords. This password policy can be enforced during password resets and changes made through ADSelfService Plus, and during native password changes (password changes from the Ctrl+Alt+Del console and password resets from the Active Directory Users and Computers (ADUC) console).