We have installed the Password Hook on our Microsoft Active Directory Domain Controller and are using a custom .NET 3.5 program to send the user ID and Password to a custom table within the our MSSQL 2005 database that we are using for Identity Center 7.1 SP3. We have an event agent set up to watch the table, so when an entry comes across, a job is run to find the corresponding user in the Identity Store and populate the password.

We have taken this route because we are not allowed to install a jvm on the Domain Controllers, and therefore cannot install the runtime components.

Our issue is that, with this method, if we check the box to Encrypt Password on the Password Hook configuration GUI, The password is encrypted and sent to our SQL table, and then is populated to the IDStore entry, without ever being decrypted.

The only way to we've found to properly populate the password field is to have the Hook send the password in plaintext, which will not be allowed by our organization.

Has anyone ever used a similar solution, with the Password Hook encryption enabled, and been able to decrypt what the password hook passes?

If done using the prescribed method of using the newpass.dse job and calling DSERT.exe from the hook, does the job store the password in the text file encrypted as well or is it in plain text?