+ Post New Thread
Results 1 to 14 of 14
Windows Thread, Passwords in Technical; Is there a way in AD to check to see if a user has changed their password? Thanks Tim...
  1. #1
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,976
    Thank Post
    287
    Thanked 266 Times in 191 Posts
    Rep Power
    115

    Passwords

    Is there a way in AD to check to see if a user has changed their password?

    Thanks

    Tim

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,816
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    No but i think you can in the event log on your domain controllers

  3. #3
    jj99's Avatar
    Join Date
    Jun 2008
    Location
    Stamford
    Posts
    89
    Thank Post
    8
    Thanked 2 Times in 2 Posts
    Rep Power
    13
    there is some software from script logic "actice administrator", tha monitors your AD for any changes, you can then set alerts or look though a log file of stuff you specify, rather than searching through your DC event logs, i used a demo a while back and it was excellent not sure how much it is tho! sure you could probaly get a edu discount tho

  4. #4
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    17
    If you want them to, you could force them to change it, and then check to see if the tick box has been removed once it has been changed from 'Change password at next login'.

    I was sure I have seen a MS snapin for the MMC 2003 console which allows you to find out when a user last changed their password and also, view the times and dates etc that they logged into in the past. Maybe I am getting to consoles confused.

  5. #5
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,133
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24
    I thought that by using vbs you could query the AD to find out when the password was last changed.

  6. #6

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180
    I'm not 100% on this but if you use csvde (see Microsoft Corporation and CSVDE - Examples Import Export of user accounts Active Directory )to dump the contents of an OU, one of the columns is time since last password change.

    Like I say... I'm not 100% and can't try it at the moment but there's no harm giving it a bash - there's LOADS of other info there so you may find something to tell you an equally useful piece of info.

  7. #7
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    890
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32
    Quote Originally Posted by Jobos View Post
    I thought that by using vbs you could query the AD to find out when the password was last changed.
    Indeed, this is the vbs I use:
    Set objUser = GetObject("LDAP://CN=someuser,OU=Some child OU,OU=Some OU,DC=domainame")
    dtmValue = objUser.PasswordLastChanged ' LINE 2
    WScript.Echo "The password was last set on " & _
    DateValue(dtmValue) & " at " & TimeValue(dtmValue)

  8. #8
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33
    You can check that sort of thing with a dsquery:

    Code:
    dsquery user -stalepwd 1000 -limit 0
    1000 means they've not changed their password in 1000 days.
    0 means that you'll get all results back instead of it truncating to the first 100.

    If you want meaningful names back, try:

    Code:
    dsquery user -stalepwd 1000 -limit 0 | dsget user -samid -fn -ln
    (You'll need the windows adminpak installing if you haven't already got it on.)

    UPDATE: damnit, beaten to it!

  9. #9
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,133
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24

  10. #10
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,133
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24
    Sorry that was the wrong one. See here

    Password Last Changed

  11. #11
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,976
    Thank Post
    287
    Thanked 266 Times in 191 Posts
    Rep Power
    115
    Cheers!

  12. #12
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,976
    Thank Post
    287
    Thanked 266 Times in 191 Posts
    Rep Power
    115
    can i run this on my machine, or does it have to be run on a DC

  13. #13

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    Wow - don't some people make life difficult :-)

    What about:
    Code:
    net user 12345 /domain
    at a command prompt (of a server or workstation) - that bit which says "password last set" is the info you need for user "12345" - put the username in as needed :-)

  14. #14
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,133
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24
    The old ways are always best

SHARE:
+ Post New Thread

Similar Threads

  1. Passwords
    By ictex in forum Wireless Networks
    Replies: 19
    Last Post: 25th May 2006, 10:57 AM
  2. Passwords
    By indie in forum Wireless Networks
    Replies: 15
    Last Post: 25th January 2006, 10:04 AM
  3. making passwords help
    By browolf in forum Scripts
    Replies: 7
    Last Post: 26th August 2005, 09:49 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •