Pricing  Get Quote

Get Active Directory users with pwned passwords using PowerShell

The PowerShell script given below will inform whether the password provided has been breached before during cyberattacks. ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, offers an integration with the 'Have I Been Pwned?' service to inform users if the new password provided during the password reset or change has been breached before. Here is a comparison between identifying whether a password has been breached or not using PowerShell and ADSelfService Plus.

With PowerShell

The Get-PwnedPassword PowerShell package, when installed and run, can identify if the password provided has been breached or not. Run the below script to install the Get-PwnedPassword package:
Install-Script -Name Get-PwnedPassword

Once the package has been installed, run this script to determine if the password you provide has been breached or not.

Get-PwnedPassword <enter the password>

With ADSelfService Plus

  • Go to Admin > Product Settings > Integration Settings.
  • In the Integration Settings section, click Have I Been Pwned, and then click Enable HaveIBeenPwned Integration.
  • Once this integration is successful, whenever a user resets or changes their password in ADSelfService Plus, an error message will pop up if the new password they provide has been breached.
Advantages of ADSelfService Plus
  • Quick configuration:

    The Have I Been Pwned? integration with ADSelfService Plus can be enabled with minimal steps.

  • Password Policy Enforcer:

    Another ADSelfService Plus feature that prevents users from creating weak passwords that are vulnerable to hacks is the Password Policy Enforcer. With this feature, administrators can create a custom password policy containing rules to blacklist breached passwords, prevent common patterns, and more to ensure that users create strong passwords. This password policy can be enforced during passwords reset and changes using ADSelfService, native password changes (password change using the Ctrl+Alt+Del console and password reset using the Active Directory Users and Computers (ADUC) console).

Help users avoid breached passwords.

  Get 30-day free trial.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link