+ Post New Thread
Results 1 to 14 of 14
Windows Thread, Passwords in Technical; Is there a way in AD to check to see if a user has changed their password? Thanks Tim...
  1. #1
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87

    Passwords

    Is there a way in AD to check to see if a user has changed their password?

    Thanks

    Tim

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,392
    Thank Post
    797
    Thanked 1,588 Times in 1,391 Posts
    Blog Entries
    10
    Rep Power
    427
    No but i think you can in the event log on your domain controllers

  3. #3
    jj99's Avatar
    Join Date
    Jun 2008
    Location
    Stamford
    Posts
    86
    Thank Post
    8
    Thanked 2 Times in 2 Posts
    Rep Power
    12
    there is some software from script logic "actice administrator", tha monitors your AD for any changes, you can then set alerts or look though a log file of stuff you specify, rather than searching through your DC event logs, i used a demo a while back and it was excellent not sure how much it is tho! sure you could probaly get a edu discount tho

  4. #4
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    16
    If you want them to, you could force them to change it, and then check to see if the tick box has been removed once it has been changed from 'Change password at next login'.

    I was sure I have seen a MS snapin for the MMC 2003 console which allows you to find out when a user last changed their password and also, view the times and dates etc that they logged into in the past. Maybe I am getting to consoles confused.

  5. #5
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,101
    Thank Post
    171
    Thanked 44 Times in 37 Posts
    Rep Power
    23
    I thought that by using vbs you could query the AD to find out when the password was last changed.

  6. #6

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,582
    Thank Post
    107
    Thanked 761 Times in 592 Posts
    Rep Power
    179
    I'm not 100% on this but if you use csvde (see Microsoft Corporation and CSVDE - Examples Import Export of user accounts Active Directory )to dump the contents of an OU, one of the columns is time since last password change.

    Like I say... I'm not 100% and can't try it at the moment but there's no harm giving it a bash - there's LOADS of other info there so you may find something to tell you an equally useful piece of info.

  7. #7
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    888
    Thank Post
    68
    Thanked 84 Times in 69 Posts
    Rep Power
    31
    Quote Originally Posted by Jobos View Post
    I thought that by using vbs you could query the AD to find out when the password was last changed.
    Indeed, this is the vbs I use:
    Set objUser = GetObject("LDAP://CN=someuser,OU=Some child OU,OU=Some OU,DC=domainame")
    dtmValue = objUser.PasswordLastChanged ' LINE 2
    WScript.Echo "The password was last set on " & _
    DateValue(dtmValue) & " at " & TimeValue(dtmValue)

  8. #8
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 69 Times in 42 Posts
    Rep Power
    33
    You can check that sort of thing with a dsquery:

    Code:
    dsquery user -stalepwd 1000 -limit 0
    1000 means they've not changed their password in 1000 days.
    0 means that you'll get all results back instead of it truncating to the first 100.

    If you want meaningful names back, try:

    Code:
    dsquery user -stalepwd 1000 -limit 0 | dsget user -samid -fn -ln
    (You'll need the windows adminpak installing if you haven't already got it on.)

    UPDATE: damnit, beaten to it!

  9. #9
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,101
    Thank Post
    171
    Thanked 44 Times in 37 Posts
    Rep Power
    23

  10. #10
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,101
    Thank Post
    171
    Thanked 44 Times in 37 Posts
    Rep Power
    23
    Sorry that was the wrong one. See here

    Password Last Changed

  11. #11
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    Cheers!

  12. #12
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    can i run this on my machine, or does it have to be run on a DC

  13. #13

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,144
    Thank Post
    113
    Thanked 518 Times in 447 Posts
    Blog Entries
    2
    Rep Power
    121
    Wow - don't some people make life difficult :-)

    What about:
    Code:
    net user 12345 /domain
    at a command prompt (of a server or workstation) - that bit which says "password last set" is the info you need for user "12345" - put the username in as needed :-)

  14. #14
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,101
    Thank Post
    171
    Thanked 44 Times in 37 Posts
    Rep Power
    23
    The old ways are always best

SHARE:
+ Post New Thread

Similar Threads

  1. Passwords
    By ictex in forum Wireless Networks
    Replies: 19
    Last Post: 25th May 2006, 10:57 AM
  2. Passwords
    By indie in forum Wireless Networks
    Replies: 15
    Last Post: 25th January 2006, 10:04 AM
  3. making passwords help
    By browolf in forum Scripts
    Replies: 7
    Last Post: 26th August 2005, 09:49 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •