Solved

AD password history report

Posted on 2013-01-10
Last Modified: 2013-04-02
Is there a way to create a report on AD to see how many times a password has been reset? I want to find out the times, date, and user that reset the password. I have Windows 2008 servers for AD.
Question by:tuzzo
 
LVL 57

Expert Comment

by:Mike Kline
There is the pwdlast attribute: http://msdn.microsoft.com/en-us/library/windows/desktop/ms679430(v=vs.85).aspx

...but that is not a historical trail.  The security event logs would be where that info is stored but this could be a tough task depending on what tools you have and how you archive your old logs.

Thanks

Mike
0
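The security-event-log approach mentioned in the comment above, as an added example that is not part of the original thread. It assumes "Audit account management" success auditing is enabled on the domain controllers, that the logs still cover the period of interest, and that `Get-WinEvent` is available; event IDs 4724 (password reset by another account) and 4723 (user changed own password) are the standard Security log IDs on Windows Server 2008 and later, and the DC names are placeholders.

```powershell
# Added example: report password resets/changes from DC Security logs.
# Each DC records only the operations it processed, so every DC is queried.
$DomainControllers = 'DC01', 'DC02'   # placeholder names, replace with your DCs
$Since = (Get-Date).AddDays(-30)      # how far back to search

$events = foreach ($dc in $DomainControllers) {
    # 4724 = another account reset the password; 4723 = user changed own password
    $filter = @{ LogName = 'Security'; Id = 4723, 4724; StartTime = $Since }
    # SilentlyContinue hides the "no events found" error; it also hides an
    # unreachable DC, so check connectivity separately if a DC returns nothing.
    Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Named fields live in <EventData><Data Name="...">; index them by name
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            $action = 'Change'
            if ($_.Id -eq 4724) { $action = 'Reset' }
            New-Object PSObject -Property @{
                Time      = $_.TimeCreated
                DC        = $dc
                Action    = $action
                Target    = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
                ChangedBy = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            }
        }
}

# Detail: every reset/change with time, target account and who performed it
$events | Sort-Object Time |
    Select-Object Time, DC, Action, Target, ChangedBy |
    Format-Table -AutoSize

# Summary: how many times each account's password was reset or changed
$events | Group-Object Target | Sort-Object Count -Descending |
    Select-Object Count, Name
```

The report only reaches as far back as the retained Security logs, so archived or forwarded logs have to be searched separately.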
 

Author Comment

by:tuzzo
Do you know of any software that you could recommend to run a report from the logs? Or any other software?
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
This might help you out.

ADManager Plus

For the download, refer to the link below.

http://www.manageengine.com/products/ad-manager/index.html
0
 
LVL 4

Accepted Solution

by:
palicos earned 500 total points
For native Active Directory you can try these steps, as bit error was there but likewise bit closed.

1. Find the name of your Windows AD server or its alias that your organization uses.
2. Open Crystal Reports
3. Select New Report
4. When prompted for a datasource, go to "Create New Connection" -> "OLE DB (ADO)" (click "Make New Connection" if it doesn't prompt you)
5. From the list, scroll down till you see "OLE DB Provider for Microsoft Directory Service", highlight it, and click "next"
6. In the textboxes, enter the following:
   Data Source: <the name of your AD server>
   User ID: your user ID WITH the domain. For example 'yourdomain\youraccount'
   Password: your user password.
   Integrated security: left unchecked
7. Click finish.
NOTE: if you mess up anything from steps 4-7 and the connection is created, you will need to exit out of Crystal Reports and then start over again. Making a new connection will not overwrite the bad connection and there is no way to edit it once it’s open.
8. Under "Active Directory Service Interfaces" click "Add Command"
9. Enter in the following SQL statement, replacing the stuff in the <> (you may need your AD administrators to give you the correct LDAP path):
SELECT samaccountname, sn, givenname, mail
FROM 'LDAP://OU=<yourOU>,DC=<yourdomain1>,DC=<yourdomain2>'
0
