Is there a way in AD to check to see if a user has changed their password?
Thanks
Tim

No, but I think you can in the event log on your domain controllers.
There is some software from ScriptLogic, "Active Administrator", that monitors your AD for any changes. You can then set alerts or look through a log file of stuff you specify, rather than searching through your DC event logs. I used a demo a while back and it was excellent, not sure how much it is tho! Sure you could probably get an edu discount tho.
If you want them to, you could force them to change it, and then check to see if the tick box has been removed once it has been changed from 'Change password at next login'.
I was sure I have seen an MS snap-in for the MMC 2003 console which allows you to find out when a user last changed their password and also view the times and dates etc. that they logged in in the past. Maybe I am getting two consoles confused.
I thought that by using vbs you could query the AD to find out when the password was last changed.

I'm not 100% on this but if you use csvde (see Microsoft Corporation and CSVDE - Examples Import Export of user accounts Active Directory) to dump the contents of an OU, one of the columns is time since last password change.
Like I say... I'm not 100% and can't try it at the moment but there's no harm giving it a bash - there's LOADS of other info there so you may find something to tell you an equally useful piece of info.
You can check that sort of thing with a dsquery:
Code:
dsquery user -stalepwd 1000 -limit 0
1000 means they've not changed their password in 1000 days.
0 means that you'll get all results back instead of it truncating to the first 100.
If you want meaningful names back, try:
Code:
dsquery user -stalepwd 1000 -limit 0 | dsget user -samid -fn -ln
(You'll need the Windows adminpak installing if you haven't already got it on.)
UPDATE: damnit, beaten to it!
Sorry that was the wrong one. See here
Password Last Changed
Cheers!
Can I run this on my machine, or does it have to be run on a DC?
Wow - don't some people make life difficult :-)
What about:
Code:
net user 12345 /domain
at a command prompt (of a server or workstation) - that bit which says "password last set" is the info you need for user "12345" - put the username in as needed :-)
The old ways are always best!
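Added example, not part of any post in this thread: the csvde route suggested above gives the last password change as the raw pwdLastSet attribute, a FILETIME number rather than a date, and a value of 0 corresponds to the "change password at next logon" tick box mentioned earlier. The function name Get-PasswordAge, the 90-day threshold, the csvde filter and the sample rows are assumptions made for illustration.

```powershell
# Added example: read the pwdLastSet column of a csvde export.
# Export (assumed filter and attribute list):
#   csvde -f users.csv -r "(&(objectCategory=person)(objectClass=user))" -l "sAMAccountName,pwdLastSet"
# pwdLastSet is a FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
# 0 means "User must change password at next logon" is ticked.

function Get-PasswordAge {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,   # output of Import-Csv / ConvertFrom-Csv
        [datetime] $AsOf = [datetime]::UtcNow,     # reference time for the age
        [int] $StaleDays = 90                      # assumed threshold, set to your policy
    )
    foreach ($row in $Rows) {
        # csvde leaves the cell empty when the attribute is not set
        $raw = if ([string]::IsNullOrWhiteSpace($row.pwdLastSet)) { 0 } else { [int64]$row.pwdLastSet }
        if ($raw -eq 0) {
            $changed = $null; $age = $null; $status = 'MustChangeAtNextLogon'
        } else {
            $changed = [datetime]::FromFileTimeUtc($raw)
            $age     = [int][math]::Floor(($AsOf - $changed).TotalDays)
            $status  = if ($age -ge $StaleDays) { 'Stale' } else { 'OK' }
        }
        [pscustomobject]@{
            User            = $row.sAMAccountName
            PasswordLastSet = $changed
            AgeDays         = $age
            Status          = $status
        }
    }
}

# Constructed sample in csvde's layout (DN first, then the requested attributes).
$sample = @'
DN,sAMAccountName,pwdLastSet
"CN=Alice Example,OU=Staff,DC=example,DC=test",alice,128436192000000000
"CN=Bob Example,OU=Staff,DC=example,DC=test",bob,127490112000000000
"CN=Carol Example,OU=Staff,DC=example,DC=test",carol,0
'@ | ConvertFrom-Csv

# Fixed reference date so the sample run is repeatable; drop -AsOf for "now".
$asOf = [datetime]::new(2008, 3, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
Get-PasswordAge -Rows $sample -AsOf $asOf | Format-Table -AutoSize
# For a real export: Get-PasswordAge -Rows (Import-Csv .\users.csv)
```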