This question is going against the grain of every best practice I've been taught, but it's a larger issue with my current organization. The crux of it is, I need to see what a users password currently is, not just reset it. There are a few reasons for this.
My organization has an active directory, but it is used solely for remote terminal services. There is propriety software in place that does not sync with anything and we manually create user accounts within these various programs/databases, and just manually set their credentials to the same ones they use to login to their office 365 account. The online exchange is the heart of our business, not the active directory.
Due to this, passwords are set to never expire, and a masterlist is kept of all users and their passwords. All of this is transparent to the end user, as far as they are concerned, they only have one account across everything because they're logins are the same for everything, but that is because we manually set their credentials as the same. Now when a user forgets their password (especially our mobile guys as they receive their phones/tablets already logged in and rarely know their passwords) we consult the master list. However, in this circumstance, the user, for whatever reason, is not in the masterlist.
This has probably been the case for months but was only just noticed when I had to set them up with a new tablet. The user does not know their password, and without the masterlist I can't see what it is. The only other option I see available to me is to reset the users exchange password (I'll explain the process I follow below) and have the user call me every time he is unable to login to something, go to it, and reset his password or (in some cases) create him a new account (which is not at all ideal as he will loose all of the linked data he has built up over the years) and start again.
I am well aware how poor these practices are and have been pushing hard to get them changed, but that is another matter.
Now the way I currently reset a users password (as the office365 webapp does not allow manually setting of passwords) is to run powershell off my IT laptop with the exchange, azure admin and azure sign in assistant plugins, and enter the following commands:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -credential $UserCredential -Authentication Basic –AllowRedirection
Login with my domain admin account
import-pssession $session
and
connect-msolservice
This gets me to the online exchange powershell session where I can run the password reset command
Set-MsolUserPassword –UserPrincipalName TYPE_USERNAME_HERE –NewPassword TYPE_DESIRED_PASSWORD_HERE -ForceChangePassword $False
However I need to see what the password currently is. In my searching I have found many resources explaining how to get information about when the password was last set, if it's set to never expire, that sort of thing. However so actual answers on how to retrieve the users current password (and display it in a readable format as, presumably, it will be encrypted). I have, however, been led to believe it is possible by this post I found: Powershell Scripting example link
So I basically need to know what powershell commands to run to retrieve and decode a users current password. I am my organization I.T. Admin and have full admin rights. Also, this is my first stack exchange post so let me know if there's any additional information you need. I appreciate the help.
