Active Directory User Passwords Encryption Used

Craig Garland 1 Reputation point
2021-10-26T22:53:36.453+00:00

Hi

We are undertaking a security review and need to confirm the Encryption used by AD to encrypt user passwords.

We have a few options but want to ensure we select the correct one. I have searched the web but cannot find a clear answer, so I am hoping someone can help.

We have Windows 2016 server, with 2012 Forest and domain level. My understanding is that passwords are hashed but I am not sure of the encryption.

Options are
Hash with MD4, MD4, SHA-1
Hashed SHA-2
Salted and Hashed with industry standard

Hope someone can let me know the encryption and point me to information that covers this?

Thanks for your time in advance.

Craig


1 answer

  1. Craig Garland 1 Reputation point
    2021-10-26T22:59:53.98+00:00

    Hi

    I did find this article.
    https://floriansailer.wordpress.com/2019/05/31/active-directory-password-encryption/

    Which seems to indicate pre-2016 uses MD5 and salted.
    2016 plus uses AES, salted and PEK encryption.

    Regards
    Craig
