• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 397
  • Last Modified:

AD password history report

Is there a way to create a report on AD to see how many times a password has been reset? I want to find out the times, date, and user that reset it the password. I have windows 2008 servers for AD.
1 Solution
Mike KlineCommented:
There is the pwdlast attribute   http://msdn.microsoft.com/en-us/library/windows/desktop/ms679430(v=vs.85).aspx

...but that is not a historical trail.  The security event logs would be where that info is stored but this could be a tough task depending on what tools you have and how you archive your old logs.


tuzzoAuthor Commented:
Do you know of any software that you could recommend to run a report from the logs? or any other software?
Sushil SonawaneCommented:
This might be help you out.

ADManager Plus

For download refer below you out.

For Naative Active Directory you can try these steps as bit error was there but like wise bit closed

1. Find the name of your Windows AD server or its alias that your organization uses.
2. Open Crystal Reports
3. Select New Report
4. When prompted for a datasource, go to "Create New Connection" -> "OLE DB (ADO)" (click "Make New Connection" if it doesn't prompt you)
5. From the list, scroll down till you see "OLE DB Provider for Microsoft Directory Service", highlight it, and click "next"
6. In the textboxes, enter the following
Data Source: <the name of your AD sever>
User ID: your user ID WITH the domain. For example ‘yourdomain\youraccount’
Password: your user password.
Integrated security left unchecked
7. Click finish.
NOTE: if you mess up anything from steps 4-7 and the connection is created, you will need to exit out of Crystal reports and then start over again. Making a new connection will not overwrite the bad connection and there is no way to edit it once it’s open.
8. Under "Active Directory Service Interfaces" click "Add Command"
9. Enter in the following SQL statement, replacing the stuff in the <> (you may need your AD administrators to give you the correct LDAP path):
SELECT samaccountname, sn, givenname, mail
FROM 'LDAP://OU=<yourOU>,DC=<yourdomain1>,DC=<yourdomain2>'
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now