Improve company productivity with a Business Account.Sign Up

x
?
Solved

Password aging reports for Active Directory

Posted on 2011-03-01
4
Medium Priority
?
1,464 Views
Last Modified: 2012-05-11
I have Windows 2003 domain (perhaps will be 2008 domian in the coming year) and I want to know what people use for password management.  My biggest need right now is being able to run a report on all users in AD to show me when they last changed their password, and how long before it expires.  Any other features are a plus, but password aging reports is the big one.
0
Comment
Question by:Ad-Apex
4 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 35007675
You can use for that Microsoft DS Tools,
ADFind from
http://www.joeware.net/freetools/tools/adfind/index.htm
or
Quest PowerShell cmd-lets
http://www.quest.com/powershell/activeroles-server.aspx
or if it's 2008 R2
native PowerShell commands

Regards,
Krzysztof
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 500 total points
ID: 35007712
I agree with iSiek. The quest AD cmdlets are a great tool. You can use something like this to get a report for user passwords

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires | Export-csv c:\userspasswords.csv
0
 
LVL 12

Expert Comment

by:FarWest
ID: 35007975
0
 

Author Closing Comment

by:Ad-Apex
ID: 35009782
Thanks!  I used the Quest cmdlets link from iSiek along with the command from KenMcF.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question