?
Solved

AD password history report

Posted on 2013-01-10
5
Medium Priority
?
385 Views
Last Modified: 2013-04-02
Is there a way to create a report on AD to see how many times a password has been reset? I want to find out the times, date, and user that reset it the password. I have windows 2008 servers for AD.
0
Comment
Question by:tuzzo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38764803
There is the pwdlast attribute   http://msdn.microsoft.com/en-us/library/windows/desktop/ms679430(v=vs.85).aspx

...but that is not a historical trail.  The security event logs would be where that info is stored but this could be a tough task depending on what tools you have and how you archive your old logs.

Thanks

Mike
0
 

Author Comment

by:tuzzo
ID: 38764944
Do you know of any software that you could recommend to run a report from the logs? or any other software?
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38765123
This might be help you out.

ADManager Plus

For download refer below you out.

http://www.manageengine.com/products/ad-manager/index.html
0
 
LVL 4

Accepted Solution

by:
palicos earned 2000 total points
ID: 38774229
For Naative Active Directory you can try these steps as bit error was there but like wise bit closed

1. Find the name of your Windows AD server or its alias that your organization uses.
2. Open Crystal Reports
3. Select New Report
4. When prompted for a datasource, go to "Create New Connection" -> "OLE DB (ADO)" (click "Make New Connection" if it doesn't prompt you)
5. From the list, scroll down till you see "OLE DB Provider for Microsoft Directory Service", highlight it, and click "next"
6. In the textboxes, enter the following
Data Source: <the name of your AD sever>
User ID: your user ID WITH the domain. For example ‘yourdomain\youraccount’
Password: your user password.
Integrated security left unchecked
7. Click finish.
NOTE: if you mess up anything from steps 4-7 and the connection is created, you will need to exit out of Crystal reports and then start over again. Making a new connection will not overwrite the bad connection and there is no way to edit it once it’s open.
8. Under "Active Directory Service Interfaces" click "Add Command"
9. Enter in the following SQL statement, replacing the stuff in the <> (you may need your AD administrators to give you the correct LDAP path):
SELECT samaccountname, sn, givenname, mail
FROM 'LDAP://OU=<yourOU>,DC=<yourdomain1>,DC=<yourdomain2>'
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question