My understanding is this is done by saving the hashes and checking the current password against them, and (I’m much less concrete on this one) for “similar” it will run common iterations of the password and save those hashes
At a previous job one of the sysadmins checked all AD users for repeated hashes, and compared against hashes of the top 1000 most common passwords. He also identified one of the IT people had the same hash for both their normal account and their domain admin account, and spoke with them individually to change their domain admin account password
My understanding is this is done by saving the hashes and checking the current password against them, and (I’m much less concrete on this one) for “similar” it will run common iterations of the password and save those hashes
At a previous job one of the sysadmins checked all AD users for repeated hashes, and compared against hashes of the top 1000 most common passwords. He also identified one of the IT people had the same hash for both their normal account and their domain admin account, and spoke with them individually to change their domain admin account password
deleted by creator