AD Administrator Password

Is there a way for an Active Directory user (Management) to be notified if the Administrator password changes on an Active Directory Domain?  

Who is Participating?
LauraEHunterMVPConnect With a Mentor Commented:
This isn't something that you can enable in a simple "click, click, click, done" fashion using native Active Directory tools, but it -is- possible to implement.  (Depending on how critical this need is, there are probably for-fee third-party tools that can automate the process - check out Quest and NetPro for starters.)

To do this using native AD tools, follow these steps:

[1] In the Default Domain Controllers Policy, enable Directory Service Access auditing.
[2] In Active Directory Users & Computers, click on View-->Advanced Features. Right-click on the Administrator account and select Properties. On the Security tab, click on Advanced and go to the Auditing tab. Create an auditing entry for the "Everyone" group that monitors the success or failure of "Change Password."

Once this is done, you'll need to use some sort of event log monitoring tool that will fire off an email/net send/etc. whenever the relevant event is triggered in the Event Viewer. You can see a sample of such a script here:

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.