+ Post New Thread
Results 1 to 14 of 14
Windows Thread, Passwords in Technical; Is there a way in AD to check to see if a user has changed their password? Thanks Tim...
  1. #1
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,151
    Thank Post
    319
    Thanked 309 Times in 215 Posts
    Rep Power
    124

    Passwords

    Is there a way in AD to check to see if a user has changed their password?

    Thanks

    Tim

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,313
    Thank Post
    901
    Thanked 1,798 Times in 1,549 Posts
    Blog Entries
    12
    Rep Power
    466
    No but i think you can in the event log on your domain controllers

  3. #3
    jj99's Avatar
    Join Date
    Jun 2008
    Location
    Stamford
    Posts
    91
    Thank Post
    8
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    there is some software from script logic "actice administrator", tha monitors your AD for any changes, you can then set alerts or look though a log file of stuff you specify, rather than searching through your DC event logs, i used a demo a while back and it was excellent not sure how much it is tho! sure you could probaly get a edu discount tho

  4. #4
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    18
    If you want them to, you could force them to change it, and then check to see if the tick box has been removed once it has been changed from 'Change password at next login'.

    I was sure I have seen a MS snapin for the MMC 2003 console which allows you to find out when a user last changed their password and also, view the times and dates etc that they logged into in the past. Maybe I am getting to consoles confused.

  5. #5
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,165
    Thank Post
    186
    Thanked 55 Times in 47 Posts
    Rep Power
    26
    I thought that by using vbs you could query the AD to find out when the password was last changed.

  6. #6

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,597
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    183
    I'm not 100% on this but if you use csvde (see Microsoft Corporation and CSVDE - Examples Import Export of user accounts Active Directory )to dump the contents of an OU, one of the columns is time since last password change.

    Like I say... I'm not 100% and can't try it at the moment but there's no harm giving it a bash - there's LOADS of other info there so you may find something to tell you an equally useful piece of info.

  7. #7
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    893
    Thank Post
    70
    Thanked 85 Times in 70 Posts
    Rep Power
    33
    Quote Originally Posted by Jobos View Post
    I thought that by using vbs you could query the AD to find out when the password was last changed.
    Indeed, this is the vbs I use:
    Set objUser = GetObject("LDAP://CN=someuser,OU=Some child OU,OU=Some OU,DC=domainame")
    dtmValue = objUser.PasswordLastChanged ' LINE 2
    WScript.Echo "The password was last set on " & _
    DateValue(dtmValue) & " at " & TimeValue(dtmValue)

  8. #8
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    34
    You can check that sort of thing with a dsquery:

    Code:
    dsquery user -stalepwd 1000 -limit 0
    1000 means they've not changed their password in 1000 days.
    0 means that you'll get all results back instead of it truncating to the first 100.

    If you want meaningful names back, try:

    Code:
    dsquery user -stalepwd 1000 -limit 0 | dsget user -samid -fn -ln
    (You'll need the windows adminpak installing if you haven't already got it on.)

    UPDATE: damnit, beaten to it!

  9. #9
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,165
    Thank Post
    186
    Thanked 55 Times in 47 Posts
    Rep Power
    26

  10. #10
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,165
    Thank Post
    186
    Thanked 55 Times in 47 Posts
    Rep Power
    26
    Sorry that was the wrong one. See here

    Password Last Changed

  11. #11
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,151
    Thank Post
    319
    Thanked 309 Times in 215 Posts
    Rep Power
    124
    Cheers!

  12. #12
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,151
    Thank Post
    319
    Thanked 309 Times in 215 Posts
    Rep Power
    124
    can i run this on my machine, or does it have to be run on a DC

  13. #13

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,157
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    Wow - don't some people make life difficult :-)

    What about:
    Code:
    net user 12345 /domain
    at a command prompt (of a server or workstation) - that bit which says "password last set" is the info you need for user "12345" - put the username in as needed :-)

  14. #14
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,165
    Thank Post
    186
    Thanked 55 Times in 47 Posts
    Rep Power
    26
    The old ways are always best



SHARE:
+ Post New Thread

Similar Threads

  1. Passwords
    By ictex in forum Wireless Networks
    Replies: 19
    Last Post: 25th May 2006, 11:57 AM
  2. Passwords
    By indie in forum Wireless Networks
    Replies: 15
    Last Post: 25th January 2006, 11:04 AM
  3. making passwords help
    By browolf in forum Scripts
    Replies: 7
    Last Post: 26th August 2005, 10:49 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •