Solved

AD password history report

Posted on 2013-01-10
5
380 Views
Last Modified: 2013-04-02
Is there a way to create a report on AD to see how many times a password has been reset? I want to find out the times, date, and user that reset it the password. I have windows 2008 servers for AD.
0
Comment
Question by:tuzzo
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38764803
There is the pwdlast attribute   http://msdn.microsoft.com/en-us/library/windows/desktop/ms679430(v=vs.85).aspx

...but that is not a historical trail.  The security event logs would be where that info is stored but this could be a tough task depending on what tools you have and how you archive your old logs.

Thanks

Mike
0
 

Author Comment

by:tuzzo
ID: 38764944
Do you know of any software that you could recommend to run a report from the logs? or any other software?
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38765123
This might be help you out.

ADManager Plus

For download refer below you out.

http://www.manageengine.com/products/ad-manager/index.html
0
 
LVL 4

Accepted Solution

by:
palicos earned 500 total points
ID: 38774229
For Naative Active Directory you can try these steps as bit error was there but like wise bit closed

1. Find the name of your Windows AD server or its alias that your organization uses.
2. Open Crystal Reports
3. Select New Report
4. When prompted for a datasource, go to "Create New Connection" -> "OLE DB (ADO)" (click "Make New Connection" if it doesn't prompt you)
5. From the list, scroll down till you see "OLE DB Provider for Microsoft Directory Service", highlight it, and click "next"
6. In the textboxes, enter the following
Data Source: <the name of your AD sever>
User ID: your user ID WITH the domain. For example ‘yourdomain\youraccount’
Password: your user password.
Integrated security left unchecked
7. Click finish.
NOTE: if you mess up anything from steps 4-7 and the connection is created, you will need to exit out of Crystal reports and then start over again. Making a new connection will not overwrite the bad connection and there is no way to edit it once it’s open.
8. Under "Active Directory Service Interfaces" click "Add Command"
9. Enter in the following SQL statement, replacing the stuff in the <> (you may need your AD administrators to give you the correct LDAP path):
SELECT samaccountname, sn, givenname, mail
FROM 'LDAP://OU=<yourOU>,DC=<yourdomain1>,DC=<yourdomain2>'
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to filter result in PowerShell 10 58
MaxPosPhaseCorrection setting 3 23
powershell question need assistance 10 32
lock down downloads folder 8 53
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question