<div>
You can run powershell to get this:<br />
<br />
Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:\temp\user-password.csv
</div>


You can run powershell to get this:

Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:\temp\user-password.csv

<div>
Audit account management policy should be enable in your environment to check this issue. Below are some of the links for your reference.<br />
<br />
<a href="https://social.technet.microsoft.com/Forums/windowsserver/en-US/3532718c-0670-412e-9e06-42b59bf198f4/how-to-find-who-changed-the-password-of-a-user-account-in-active-directory?forum=winserverManagement" rel="ugc nofollow">https://social.technet.microsoft.com/Forums/windowsserver/en-US/3532718c-0670-412e-9e06-42b59bf198f4/how-to-find-who-changed-the-password-of-a-user-account-in-active-directory?forum=winserverManagement</a><br />
<br />
<a href="http://serverfault.com/questions/684404/how-to-check-who-reset-the-password-for-a-particular-user-in-active-directory-on" rel="ugc">http://serverfault.com/questions/684404/how-to-check-who-reset-the-password-for-a-particular-user-in-active-directory-on</a>
</div>


Audit account management policy should be enable in your environment to check this issue. Below are some of the links for your reference.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/3532718c-0670-412e-9e06-42b59bf198f4/how-to-find-who-changed-the-password-of-a-user-account-in-active-directory?forum=winserverManagement [https://social.technet.microsoft.com/Forums/windowsserver/en-US/3532718c-0670-412e-9e06-42b59bf198f4/how-to-find-who-changed-the-password-of-a-user-account-in-active-directory?forum=winserverManagement]

http://serverfault.com/questions/684404/how-to-check-who-reset-the-password-for-a-particular-user-in-active-directory-on [http://serverfault.com/questions/684404/how-to-check-who-reset-the-password-for-a-particular-user-in-active-directory-on]

<div>
<div class="content wysiwyg-content">
I have user whose password has been changed in Active Directory twice without their consent.<br />
<br />
Is there a way to check to see all the users who might have changed the user's password in last 24 hours?<br />
<br />
We have 2008 datacenter r2 domain controller.
</div>
</div>


I have user whose password has been changed in Active Directory twice without their consent.

Is there a way to check to see all the users who might have changed the user's password in last 24 hours?

We have 2008 datacenter r2 domain controller.

Active Directory

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Batch files are text files containing a script of commands that are executed by the command interpreter on DOS, OS/2 and Windows systems. Most commonly, they are used to perform a series of functions that are repeated -- copying a set of files created daily with one step, for example.

Windows Batch

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.