Skip to content
Get insights into the actual strength and quality of passwords in Active Directory.
Branch: master
Clone or download


License PowerShell 3 | 4 | 5 Windows Server 2008 R2 | 2012 R2 | 2016 .NET Framework 4.5.1+ Visual Studio 2017

Get insights into the actual strength and quality of passwords in Active Directory.


This module is able to compare password hashes of enabled Active Directory users against bad/weak/non-compliant passwords (e.g. hackers first guess in brute-force attacks).

  • Performs comparison against one or multiple wordlist(s).
    • This script does not transform input from the wordlists (such as transforming between upper/lower case). Each input from the wordlist is used as-is. Use other tools to generate more specialized wordlists if necessary. A PoC-script has been included (New-bADpasswordLists_EN.ps1) for basic wordlist generation.
  • Performs additional comparison against publicly leaked passwords, see acknowledgements below.
  • Performs password comparison against 'null' in the Active Directory (i.e. finds empty/null passwords).
  • Performs password comparison between users in the Active Directory (i.e. finds shared passwords).
  • Requires 'Domain Admin' privileges or similar, e.g. 'Domain Controller' or delegated Domain-level permissions for both "Replicating Directory Changes All" and "Replicating Directory Changes All", to succesfully fetch passwords from the Active Directory database.
  • Choose a Domain Controller or a member server (will become a Tier 0 system) for executing the script, e.g. as a Scheduled Task.



Microsoft Visual C++ Redistributable Package

Microsoft Visual C++ Redistributable Package is required by our PSI DLL. This DLL is reponsible for parsing the leaked-password binary file and performing comparisons against it. The source code for the DLL can be found here.

Installation step-by-step
  • Go to Microsoft Latest Supported Visual C++ Download.
  • Download and install the Visual Studio 2017 version of the Visual C++ Redistributable Package for your target platform:
    • For 32-bit systems: vc_redist.x86.exe
    • For 64-bit systems: vc_redist.x64.exe (recommended)
  • No restart required.

Microsoft .NET Framework 4.5.1+

Microsoft .NET Framework 4.5.1+ is required by the DSInternals 3.0 PowerShell module by Michael Grafnetter.

Installation step-by-step


DSInternals 3.0 PowerShell Module

This module is used to query the Active Directory and fetch user information (SAM Account Name, E-mail, Password Hash, etc.). The source code for this module can be found here.

Installation step-by-step

Alternatively, you can install DSInternals 3.0 through PowerShellGet by running the following PowerShell command:

PS> Install-Module -Name DSInternals

Leaked password list

This file contains a binary packed list of leaked password hashes from the PwnedPasswords list published by Troy Hunt. The file is too big (8 GB) for GitHub (max 25 MB), so we host it on our SharePoint instead.

Installation step-by-step
  • Go to Improsec Leaked Password List.
  • Download the leaked-passwords.bin file:
    • SHA1: 8FBA5EF0704A555CCB130D2850CCA9FB25B925FD.
  • Place the file in the same folder as the rest of this project.


Installing this framework is as simple as downloading the entire respository. However, you have to manually configure the following:

  • Open 'Get-bADpasswords.ps1':
    • Navigate to the configuration-section and modify the variables to fit your needs, at least:
      • $domain_name
      • $naming_context
      • $mail_smtp
      • $mail_recipient
  • (Optional) Modify the wordlists at ./Accessible/PasswordLists/*.txt to your own liking.


Since the desired options has already been selected during the configuration part of the install-section, you can go ahead and run the script:

PS> ./Get-bADpassword.ps1



This project is licensed under the BSD 3-Clause License - see the file for details


You can’t perform that action at this time.