pwncheck is a self-contained, thorough and efficient solution that allows you to quickly address the number one security problem today: compromised and vulnerable passwords. It’s the only solution on the market that will perform a comprehensive check of your users’ passwords and provide you with:
pwncheck will provide the following information for free:
To get the list of accounts using breached password, there is a small, reasonable fee of $150, €120 or £100.
Pwncheck requires no installation and may be run on any machine that has connectivity to a Domain Controller.
Getting and running pwncheck couldn’t be any easier:
You can either use a Domain Admin account or you can grant just the required permissions with the following Powershell code:
#Just substitute the pwncheck account below with the account you want to assign replication privileges with
$Account = "pwncheck"
$RootDSE = [ADSI]"LDAP://RootDSE"
$DefaultNamingContext = $RootDse.defaultNamingContext
$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes`";'"
Invoke-Expression $cmd
$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes All`";'"
Invoke-Expression $cmd
$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes In Filtered Set`";'"
Invoke-Expression $cmd