Solved

AD Administrator Password

Posted on 2007-03-26
1
202 Views
Last Modified: 2010-03-17
Is there a way for an Active Directory user (Management) to be notified if the Administrator password changes on an Active Directory Domain?  

GDF
0
Comment
Question by:gdf99
1 Comment
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 125 total points
ID: 18794605
This isn't something that you can enable in a simple "click, click, click, done" fashion using native Active Directory tools, but it -is- possible to implement.  (Depending on how critical this need is, there are probably for-fee third-party tools that can automate the process - check out Quest and NetPro for starters.)

To do this using native AD tools, follow these steps:

[1] In the Default Domain Controllers Policy, enable Directory Service Access auditing.
[2] In Active Directory Users & Computers, click on View-->Advanced Features. Right-click on the Administrator account and select Properties. On the Security tab, click on Advanced and go to the Auditing tab. Create an auditing entry for the "Everyone" group that monitors the success or failure of "Change Password."

Once this is done, you'll need to use some sort of event log monitoring tool that will fire off an email/net send/etc. whenever the relevant event is triggered in the Event Viewer. You can see a sample of such a script here: http://www.visualbasicscript.com/m_26619/tm.htm

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0

Join & Write a Comment

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now