Import & Export AD Passwords

Export AD Usernames with Password Hash

On line 1, replace <DOMAIN NAME> with your Active Directory domain name. Example: school.internal

Get-ADReplAccount -All -Server "<DOMAIN NAME>" |
Select-Object SamAccountName, NTHash |
Export-Csv -Path "C:\Temp\ADExport.csv" -NoTypeInformation


Import AD Password Hashes

On line 26, replace <DOMAIN NETBIOS NAME> with your Active Directory NetBIOS name. Example: school (without .internal)

# Path to your CSV file
$csvPath = "C:\Temp\ADExport.csv"

# Import the CSV
$users = Import-Csv -Path $csvPath

foreach ($user in $users) {
    $sam = $user.sAMAccountName
    $hash = $user.NTHash

    # Skip if hash is empty
    if ([string]::IsNullOrWhiteSpace($hash)) {
        Write-Verbose ("Skipping $sam (no NTHash)") -Verbose
        continue
    }

    # Check if account exists
    $exists = Get-ADUser -Filter { SamAccountName -eq $sam } -ErrorAction SilentlyContinue
    if ($null -eq $exists) {
        Write-Verbose ("Skipping $sam (account not found)") -Verbose
        continue
    }

    # Set the password hash
    try {
        Set-SamAccountPasswordHash -SamAccountName $sam -Domain "<DOMAIN NETBIOS NAME>" -NTHash $hash -Verbose -ErrorAction Stop
    } catch {
        $errMsg = $_.Exception.Message
        Write-Verbose -Message ("Failed to set hash for user '$sam'. Error: $errMsg") -Verbose
    }
}
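
Before running the import, the CSV can be checked for rows that would fail or would set a blank password. This is an added example, not part of the original page: the helper name Test-NTHashRow and the sample rows are constructed for illustration, and the only assumption is the two-column layout produced by the export step above.

```powershell
# Added example: validate export rows before handing them to the import loop.
# Constructed sample rows; on a real run use: $rows = Import-Csv -Path "C:\Temp\ADExport.csv"
$sampleCsv = @'
"SamAccountName","NTHash"
"alice","00112233445566778899aabbccddeeff"
"bob","31d6cfe0d16ae931b73c59d7e0c089c0"
"carol","System.Byte[]"
"dave",""
"erin","00112233445566778899aabbccddeeff"
'@
$rows = $sampleCsv | ConvertFrom-Csv

# NT hash of the empty string: importing it leaves the account with a blank password.
$emptyPasswordHash = '31d6cfe0d16ae931b73c59d7e0c089c0'

function Test-NTHashRow {
    # Hypothetical helper: returns one result object per CSV row.
    param([Parameter(Mandatory)] $Row)

    $hash = "$($Row.NTHash)".Trim()
    $status = if ([string]::IsNullOrWhiteSpace($hash)) {
        'NoHash'            # the import loop skips these rows
    } elseif ($hash -notmatch '^[0-9a-fA-F]{32}$') {
        'Malformed'         # not 16 bytes of hex, e.g. a stringified byte array
    } elseif ($hash -ieq $emptyPasswordHash) {
        'EmptyPassword'
    } else {
        'OK'
    }
    [pscustomobject]@{ SamAccountName = $Row.SamAccountName; Status = $status }
}

$results = foreach ($row in $rows) { Test-NTHashRow -Row $row }

# NT hashes are unsalted, so identical hashes mean identical passwords.
# Report account names only, never the hash value itself.
$shared = $rows | Where-Object { $_.NTHash -match '^[0-9a-fA-F]{32}$' } |
    Group-Object -Property NTHash | Where-Object Count -gt 1 |
    ForEach-Object { $_.Group.SamAccountName -join ', ' }

$results | Group-Object -Property Status | Select-Object Name, Count | Format-Table
$results | Where-Object Status -ne 'OK' | Format-Table
if ($shared) { Write-Warning "Accounts with identical hashes: $($shared -join ' | ')" }
```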