Solved

AD Administrator Password

Posted on 2007-03-26
1
207 Views
Last Modified: 2010-03-17
Is there a way for an Active Directory user (Management) to be notified if the Administrator password changes on an Active Directory Domain?  

GDF
0
Comment
Question by:gdf99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 125 total points
ID: 18794605
This isn't something that you can enable in a simple "click, click, click, done" fashion using native Active Directory tools, but it -is- possible to implement.  (Depending on how critical this need is, there are probably for-fee third-party tools that can automate the process - check out Quest and NetPro for starters.)

To do this using native AD tools, follow these steps:

[1] In the Default Domain Controllers Policy, enable Directory Service Access auditing.
[2] In Active Directory Users & Computers, click on View-->Advanced Features. Right-click on the Administrator account and select Properties. On the Security tab, click on Advanced and go to the Auditing tab. Create an auditing entry for the "Everyone" group that monitors the success or failure of "Change Password."

Once this is done, you'll need to use some sort of event log monitoring tool that will fire off an email/net send/etc. whenever the relevant event is triggered in the Event Viewer. You can see a sample of such a script here: http://www.visualbasicscript.com/m_26619/tm.htm

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question