Hi Jay,

Thanks for posting! Because SmarterMail is API driven you can use the API to get users' passwords. I've created a ticket with your question to provide you more information about this.

Can you please share your finding here since im as well interested to see best way to export the list.

thank you

I personally would rather have an option to hash/salt the passwords to make them unrecoverable.

Look at the news of every bad security breach and they are taken to task for not doing it.

Hi Fadi,

The API for exporting with passwords is not in our documentation yet so you would need to reverse engineer it to get the call you'll need. I started a ticket with you to provide you with that information.

Another option to at least retrieve the passwords, but not export them, can be found in Tony's comment here: https://portal.smartertools.com/community/a94735/retrieving-passwords-not-working-per-api-documentation.aspx#136070

@Eric Tykwinski :  I agree this would be a nice option.  Emphasis on the "optional" part.  There was quite a ruckus in these forums a few years ago when the 'view password' option was rumored to be going away in a future upgrade.

Removing that ability would be terrible for domain admins, especially when they lack the ability to impersonate users.   See my thread: https://portal.smartertools.com/community/a94469/feature-request-impersonate-user-by-domain-admins-not-just-superuser.aspx     We have a fairly new customer who came onboard with over 1,400 users whose admins HAD impersonation at their prior host, but lost it when they came to us.  They beat us up weekly over why that feature is taking so long coming to SmarterMail.

Without the ability to impersonate, and without the ability to view passwords, admins would be (almost) helpless to diagnose user problems, especially when it requires viewing headers, etc.  Users often forget their passwords, especially when it's a one-time drop into Outlook and their mobile device.  Forcing a password reset each time an admin needs into the mailbox (due to lack of impersonation or pw viewing) would be a disaster.

I wrote that more for the benefit of all of us, in case SmarterTools is toying with the idea of taking away password viewing.

 

Emily,

Once you have reverse engineered how to do this with the API, we would appreciate a copy as well. It may well allow us to refactor our current method of having to loop through getting all the domains, then all the users for each domain, then retrieve and store all this in a database just so we can pull the users and the passwords together. Obviously this is very compute and time intensive. We have around 350 domains and several thousand email addresses on the server, so it takes a tic for this to complete.

Thank you. 

@John C

The way that you're doing your requests is how it needs to be done. Currently, the API documentation is incorrect. The GetUser API call and ListUsers API call don't actually return the password. You need to use the show-password API call to do this. This means that two API calls are required. And even if it was a single call I don't think it would make it much more efficient since on the code side of things the show password method would still have to be run on the server. If anything spacing it out reduces load over time. But If you mean API script length I can see what you mean there. 

Kind Regards, 

Thank you, Zach!