lithnet / ad-password-protection

Active Directory password filter featuring breached password checking and custom complexity rules
MIT License

Import-CompromisedPasswordHashes -> Found 0 objects.... #76

Closed dimforensics closed 2 years ago

dimforensics commented 2 years ago

When I'm trying to import a hash from a file, it doesn't import, showing "Found 0 objects. Committed 0 new records and discarded 0 duplicates".

Import-CompromisedPasswordHashes -Filename "D:\hash.txt"

ryannewington commented 2 years ago

Hi @dimforensics

What does the file format look like?

An example of the correct format is here https://github.com/lithnet/ad-password-protection/wiki/Import%E2%80%90CompromisedPasswordHashes#filename

dimforensics commented 2 years ago

Hi Ryan, sdsdsd

ryannewington commented 2 years ago

Can we check to see if it actually added the hash? It might just be that the update happened before the UI had a chance to update stats. Replace the hash below with your hash:

$hashString = '8846f7eaee8fb117ad06bdd830b7586c'
$hashByteArray = [byte[]] ($hashString -replace '..', '0x$&,' -split ',' -ne '')
Test-IsCompromisedPassword -Hash $hashByteArray

dimforensics commented 2 years ago

Same result: "Found 0 objects. Committed 0 new records and discarded 0 duplicates".

dimforensics commented 2 years ago

Actually, after executing with my hash:

$hashString = '8f01862ff171fcacf7c3951a5ec034a3'
$hashByteArray = [byte[]] ($hashString -replace '..', '0x$&,' -split ',' -ne '')
Test-IsCompromisedPassword -Hash $hashByteArray

=> it shows "True".

But after testing the user's password: Test-IsADUserPasswordCompromised => it shows "False".

ryannewington commented 2 years ago

Ok, so the hash got added and is in the store.

Have you looked at the user's actual password hash to make sure it is what you expect it to be? You can use the DSInternals module to get the current hash value https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplAccount.md

dimforensics commented 2 years ago

My fault, found the problem: this password hash I dumped from AD last week, and the user changed the password yesterday :) Thanks Ryan for the fast support.

ryannewington commented 2 years ago

Good to see they are changing their passwords :) Glad it's all working.
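
The store check used in this thread, extended to every line of an import file, as an added example that is not part of the original thread or the project's own code. It assumes one 32-character hex NT hash per line, optionally followed by `:count`; `Test-ImportedHashFile` is a hypothetical name, and the script must run in a session where `Test-IsCompromisedPassword` is available.

```powershell
# Added example, not from the thread or the Lithnet project.
# Assumption: each line holds one 32-character hex NT hash, optionally
# followed by ":count". Lines that do not match are reported, not guessed at.
function Test-ImportedHashFile {
    param(
        [Parameter(Mandatory)]
        [string] $Path
    )

    $lineNumber = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNumber++
        if ([string]::IsNullOrWhiteSpace($line)) { continue }

        # Keep only the hash part and drop surrounding whitespace.
        $candidate = ($line -split ':')[0].Trim()

        if ($candidate -notmatch '^[0-9a-fA-F]{32}$') {
            $status = 'BadFormat'
        }
        else {
            # Convert the hex string to the 16-byte array the cmdlet expects.
            $bytes = [byte[]]::new(16)
            for ($i = 0; $i -lt 16; $i++) {
                $bytes[$i] = [Convert]::ToByte($candidate.Substring($i * 2, 2), 16)
            }

            # Ask the store directly instead of relying on the import summary.
            if (Test-IsCompromisedPassword -Hash $bytes) {
                $status = 'InStore'
            }
            else {
                $status = 'Missing'
            }
        }

        [pscustomobject]@{
            Line   = $lineNumber
            Hash   = $candidate
            Status = $status
        }
    }
}

# List only the lines that need attention after an import.
Test-ImportedHashFile -Path 'D:\hash.txt' | Where-Object Status -ne 'InStore'
```

An empty result means every well-formed line in the file is already present in the store, whatever the import summary reported.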